Netsensei

Much Ado About Nothing

Plugin

Mollom power

It must have been sometime around the end of 2009 that I apparently last worked on WP Mollom, a plugin for WordPress that lets you fight comment spam via Mollom. The version running on my little blog hasn’t received any updates since. And that clearly shows. Every now and then I hear that it isn’t so easy to leave a comment here. And I’m all too aware of that.

High time for a new version, then.

Over the past year and a half I have, together with others, worked off and on on a successor. There is no first stable release yet, but we’re not far off anymore. I stick to the principle of eating your own dog food, so by way of a test I’ve deployed the successor on my blog. The idea, of course, is that spam stays blocked, but that you, dear readers, will be hindered a whole lot less.

For those interested: you can already have a poke around in the code (use at your own risk!). Only once all the bugs have been ironed out will the first stable version be released. So just a little more patience.

We’re very curious to see how the test version performs!

Two years of Mollom satisfaction

Davy started a meme: show off how well Mollom has been performing on your site over the past weeks, months or even years. I picked it up at Wim’s place. Here is the lowdown for my own blog.

2 years of Mollom satisfaction

To be more exact: Mollom was activated 703 days ago. Until now, 1,355 submissions were accepted and 23,999 rejected. Yesterday, Mollom blocked 12 spam attempts and accepted 0 ham messages. So far, Mollom blocked 13 spam attempts and 0 ham messages today.

Quite impressive. The least I can say is that Mollom took away a big nag of mine. The gap in Q1 of 2009 was due to a critical bug which needed fixing in my code. I ran Mollom in developer mode, which means no real-life statistics were recorded during that particular timeframe. Apart from that, Mollom has been protecting my WordPress blog for the past 2 years and has held its own.

Of course, you’re all probably eager to know whether I’m still maintaining the plugin. Yes, I am. Over the past few months, I’ve been working off and on to get a new version of the plugin ready. It will be a total rebuild with lots of improvements. I’m covering what’s to come and my own developer experience in depth in a future blog post.

So stay tuned!

Mollom 0.7.4 and more

One of my ongoing efforts is trying to get WP Mollom translated. I’ve put the plugin up on the wp-polyglots mailing list and I’ve received several translations. Which was reason enough to tag a new release. So, now you can enjoy the power of Mollom in these languages:

  • Vietnamese (vi)
  • Bulgarian (bg_BG)
  • Bangla (bn_BD)

I’ve already written about revising the codebase and making room for improvement. I’ve made a small list of things that are on my wanted/todo list.

  • More OO
    At this point, all the functionality is contained in 28 functions. These functions implement everything from the different calls to the Mollom API, over handling comment form input to showing a pretty graph. Although most functionality is confined to its own function, there’s still a lack of good architectural design. I’ve come to a point now where adding new features or optimizing code means ripping apart large pieces of the plugin. For instance, the function that lets the configuration page work contains code to handle the form but also to build and show the form. Boxing functionality limits the ability to reuse code or adapt it efficiently. Identifying separate segments of functionality and assigning them to their own classes and functions will make the plugin more agile and able to cope with change.
  • Implementing AJAX
    Over the last iterations, WordPress has incorporated loads of AJAX. This technology makes it possible to, for instance, moderate a comment without the need to reload the entire page. And as a bonus, add a nice colored fade effect. It would be nice to leverage the AJAX API of WordPress and make WP Mollom more user-friendly. AJAX in Mollom would not only be applied in the administration panel, but also made available front-end to theme developers.
  • Usability
    The current interface has already gone through several iterations but there’s still room for improvement. I’m thinking of several things. Instead of a percentage with no label, it should be a more visual indication of the spamminess of a comment. Comments that had a CAPTCHA should stand out more in the list. Pagination needs more refinement. The configuration page needs some rethinking. The quality indicator in the moderation module should be more verbose. I would also like to make the plugin more informative: a better breakdown of statistics and performance monitoring of the plugin.
  • Hooks
    WordPress allows plugin developers to define their own hooks. This enables plugins to ‘hook’ onto each other. A nice example is Ozh’ Admin Dropdown Menu that allows plugin developers to define a custom icon through a hook. I would like to keep an eye out for places in the plugin code where functionality added through third-party plugins can generate added value. Mollom is designed not only to protect comment forms, but any form that’s presented to an end user. So it would be a plus to make Mollom protection available to other plugins through well-placed hooks.
  • Widgets
    WordPress 2.8 will ship with a new improved Widget API. This enables plugin developers to write easy-to-create widgets which can display all kinds of neat things on your blog. An easy-to-install Mollom widget that displays the effectiveness of Mollom would be a nice-to-have.
  • WordPress MU support
    This is something I’ve been talking about for a long time: adding support for WordPress MU. The current codebase doesn’t allow this in an easy fashion. Incorporating WordPress MU support is one of the main reasons to rethink the way the plugin should be designed.

It’s pretty clear this means going back to the drawing board. Development should progress pretty fast though, since most of the code which is now in the current stable version can be reused. One lesson I’ve learned is that I should code the plugin against the development version of WordPress (in this case: bleeding-edge 2.8) to cope with the changes and make use of the newest features in WordPress.

In retrospect, the plugin has been a project which I’ve been working on for a little over a year now. The log of wp-mollom.php tells me that I started working on the plugin itself (after testing the Mollom API and very premature versions in February-March 2008) on April 2nd of last year. So, a bit late: but happy 1st birthday WP Mollom!

WP Mollom 0.7.3

Another month, a new release. I just tagged WP Mollom 0.7.3. It’s got the shortest changelog up to date, but the translations that are included make up for that.

  • fixed: multiple moderation would incorrectly state ‘moderation failed’ due to an incorrectly set boolean.
  • added: German (de_DE) translation
  • added: Italian (it_IT) translation

Many thanks go out to Alexander Langer and Gianni Diurno for sending me their translations. With only 88 strings, translating the plugin doesn’t take that much time. So, if you could spare the time and you know your way around POEdit (or you’re willing to learn), just go out there and make this plugin easier to use for non-English speaking users of WordPress!

Of course, if you don’t use the plugin already: you can get it right here!

WordPress 2.7

Yes. WordPress 2.7 is out. Your favorite blogging tool has gotten a serious overhaul: a totally new administration panel, loads of bugfixes and lots of new features.

The plugin API has been extended: you should now use a separate file to store all uninstallation logic instead of relying on the deactivate callback, options should be registered with WP (mandatory in near future versions) and the submenu structure onto which you can hook your own settings is revamped.

If you haven’t already noticed, WP Mollom 0.7.0 has some minor issues with 2.7. Most notably, the management panel disappears. Between boxing my stuff, frantic phone calls and spending countless hours commuting through Flanders, I’m trying to get the plugin up to speed.

Haxxorz l33t security

Well, I’m naturally curious about how much my plugin is being installed and picked up. And of course I do sometimes go googling around. So I threw wp-mollom at Google as a search term.

What struck me in the list was this:

Indeed, an open directory at Clopin’s. Apparently Clopin didn’t just put the plugin on his blog, but the entire wp-mollom/ folder at once, screenshots included. With that access it’s child’s play to read out his plugins/ folder. And from that information I can immediately deduce a number of things.

  • Clopin uses WordPress, obviously.
  • I now know which plugins Clopin has running on his WordPress blog.
  • From the dates on which the files and folders were created, I can see whether there are older and newer plugins among them.
  • I now know not only the active plugins (including the ones that quietly do their work) but all of them, inactive plugins too, which may well include older, forgotten versions.
  • I also immediately know the make of web server, and any modules, that Clopin.be runs on.

It goes without saying that this is fairly interesting information for malicious hackers. By exploiting security holes in older plugins, they could wreak quite some havoc. Not that I’m telling you anything new, but I find it a good occasion to raise this problem. Other bloggers likewise show every Tom, Dick and Harry which plugins they have running on their blog. Google indexes that entire folder, by the way. And a whole lot more.

Others have shown foresight and shield the whole thing completely. Just try to dig up the same information with that last Google search and browse to their plugins/ folder.

What can you do about it?

Well, you can use several strategies. The simplest is to drop an index.php file, empty or not, into the folder, which makes the folder’s contents invisible. Or, if you’re feeling a bit adventurous, you can create a .htaccess file that blocks access to the folder. Do take care not to nail things shut so tightly that your blog breaks.
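One way to audit your own install for the exposure described above, as an added example (not code from this blog or from WP Mollom): it walks a local plugins/ folder, reports every directory that has neither an index file nor an `.htaccess` with `Options -Indexes` at or above it, and then applies the index.php fix. The sample tree, the helper names and the assumption of an Apache server that honours `.htaccess` are illustrative.

```python
import re
import tempfile
from pathlib import Path

INDEX_FILES = ("index.php", "index.html", "index.htm")
# An uncommented Apache "Options" line that switches auto-indexing off.
NO_INDEXES = re.compile(r"^[ \t]*Options\b.*(?<!\S)-Indexes\b", re.I | re.M)

def listing_disabled(directory: Path, root: Path) -> bool:
    """True if an .htaccess in directory, or a parent up to root, has -Indexes."""
    chain = [directory, *directory.parents]
    for htaccess in (f / ".htaccess" for f in chain[: chain.index(root) + 1]):
        if htaccess.is_file() and NO_INDEXES.search(htaccess.read_text(errors="replace")):
            return True
    return False

def listable_dirs(root: Path):
    """Folders under root with neither an index file nor a listing-off .htaccess."""
    folders = [root, *(p for p in root.rglob("*") if p.is_dir())]
    exposed = [d for d in folders if not listing_disabled(d, root)
               and not any((d / n).is_file() for n in INDEX_FILES)]
    return sorted(d.relative_to(root).as_posix() for d in exposed)

def drop_index_files(root: Path):
    """The simple fix from the post: a placeholder index.php per exposed folder."""
    fixed = listable_dirs(root)
    for rel in fixed:
        (root / rel / "index.php").write_text("<?php\n// Silence is golden.\n")
    return fixed

def build_sample_tree(root: Path) -> Path:
    """Constructed sample plugins/ folder; the layout is made up for this example."""
    files = {
        "wp-mollom/wp-mollom.php": "<?php\n",
        "wp-mollom/screenshots/screenshot-1.png": "",
        "old-gallery/gallery.php": "<?php\n",
        "guarded/.htaccess": "# listing off, files still served\nOptions -Indexes\n",
        "guarded/assets/style.css": "",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp) / "plugins")
        print("listable before:", listable_dirs(root))
        print("fixed:", drop_index_files(root), "left:", listable_dirs(root))
```

`Options -Indexes` only switches the generated listing off, so plugin stylesheets and scripts keep loading; a blanket deny rule on the folder is the kind of over-tight lock that breaks a blog.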

While you’re at it, also read this article with 3 simple tips to secure your WordPress website. (via bram.us)

Oh yes, about two years ago I was the victim of a hacker myself. I applied the tips in question back then. So they’re hardly a luxury.

Mollom 0.6.1

I just tagged version 0.6.1 of WP Mollom in the WordPress Extend repository. Which means in a few moments, you’ll be able to download the latest installment of my plugin.

So, what has changed? Well, this is a bugfix release which means no new features. Here’s the changelog:

  • Fixed: division by 0 error on line 317
  • Fixed: if ‘unsure’ but captcha was filled in correctly, HTML attributes in comment content would sometimes be eaten by kses
  • Improved: the mollom function got an overhaul to reflect the September 15 version of the Mollom API documentation
  • Changed: mollom statistics are now hooked in edit-comments.php instead of plugins.php
  • Added: _mollom_retrieve_server_list() function now handles all getServerList calls

Although almost all basic functions are up and running now, there’s still a long road ahead. Today, I’m happy with what I’ve accomplished technically so far, but such things as usability, performance, flexibility,… still need more work. For instance, there’s still no WordPress MU version, i18n support is still missing, the backend needs more simplifying and much more.

But then again, if spam annoys you as much as the mosquitos in my room did me last night, then this is the plugin for you. Download the package, drop wp-mollom.php in your plugins folder, register with mollom.com to get your keys, just configure them in the plugin and you’re all packed with some serious spam stoppage power.

Happy blogging!

Mollom galore

So, Dries and Benjamin put out t-shirts to all those who contributed in a way to Mollom. If all went well, and Belgian postal services did their job, a package with a tee would be waiting for me at home right now. A big thank you!

Over the past days, there were some hiccups with the plugin not working that well. First, crack groups of rogues still get the better of the plugin. I also got spam in the moderation queue on a daily basis. The service is still under development and strategies are being devised to counter these attacks as we speak. Second, during debugging rounds in the past days, I encountered some anomalies against the API which will be fixed in the next version.

Yesterday, Dries, Benjamin and I discussed, amongst other things, Mollom over dinner in Antwerp. How s/w/could the service evolve in the future? I came home with a lot of ideas and todo’s. Bottom line is that the current version of the plugin is only the start.

I know, Mollom news isn’t what interests most of my regular readers. I got several remarks from people who rather like the lifelogs, the photos, the videos or the links. So I’m working on a plan to move all the techy stuff, not just Mollom, to its own separate personal techblog in due time.

WordPress 2.6

WordPress 2.6 just got released. It contains lots of bug fixes and new features. Like versioning if you work in a collaborative environment, a ‘press this’ button, extended gravatar support and much more. Watch the introductory movie on wordpress.org. 2.6 is named ‘Tyner’ after jazz pianist McCoy Tyner.

Of course, I’m going to test the plugin on 2.6 in the next couple of days.

WP Mollom featured on Mollom.com

The plugin got featured over the weekend on mollom.com. It now has its own place in their download section. How neat is that!

Mollom Featured

During my four days of relaxing at Rock Werchter, I received some much needed feedback from you. Over the weekend, I realized there is still an issue or two which needs taking care of. There was also a minor change in the API documentation which needs implementing.
