The Gutenberg editor and other crappy things about WordPress.com in 2020

My day gig is involved with aggregation of big data, some via a WordPress plugin that’s been a staple of our product line for quite some time. The feedback I receive day in and day out from team members and clients is that the Gutenberg editor is just horrible. Is there a doubt that the folks are WordPress are not aware of how, dare I say HATED the Gutenberg editor is? Considering the CLassic Editor plugin was released within 60 days of WordPress 5.0 launch the answer to that question is a resounding yes.

In the time I spent away from WordPressdom there’s been many changes to WordPress.com reader. It used to be a hotbed of creatives sharing experiences walking you through some interesting concepts. Now I’m finding a bunch people posting crossword puzzle answers and soccer moms posting bible verses. What the heck happened? Thank goodness for the folks reviewing music and writing stories that are active. I’ve come to one conclusion:

I can’t find folks writing on subjects I favor with the newer Reader tools. 

Admittedly while less active I continued to read the people that I had followed on a regular basis. Over a period of time people stopped writing and my Reader feed became shorter and shorter. 

I used to find authors to follow by reading either Freshly Pressed which was chosen by readers recommendations, or a section that no longer exists of all blogs posted by time stamp. I really missed sorting through all the new blogs that were written in real time. That was my favorite part of the reader, How sad they did away with that section. WordPress even has a support knowledge base article showing you how to get featured on the now sunsetted Freshly Pressed:

https://en.blog.wordpress.com/2010/04/28/five-ways-to-get-featured-on-freshly-pressed/

Since I’m somewhat of a Unix geek I was hoping there was a variable or variable string where I could see what was being posted in real time. For the non-nerdist a variable sting is all the gibberish you see in a URL when you shopping on lets say Amazon. 

You can still find all the newest articles with this hack. In the search add this variable:

?=all

And search for that string. Because WordPress has some heavy cache you can only do this a few hours apart. If you search this variable string too often it will return the same results. 

Sometimes hundreds of entries per hour located are there. It was a great place to connect with other bloggers. Now there seems to be no way to connect other than searching keywords which is so bad!

Huge attack on WordPress sites could spawn never-before-seen super botnet

According to Forbes, ARS Technica and Computer world Hosted WordPress sites are under attack by a bot net that’s 90,000 nodes strong. It’s recommended everyone update their WordPress software and to more secure passwords as soon as possible. If you’re hosting a free WordPress blog, as of now this  bot net wont effect you.

Here’s the article from ARS Technica:

wp_bruteforce-640x455

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

“These larger machines can cause much more damage in DDoS [distributed denial-of-service] attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” Matthew Prince, CEO of content delivery network CloudFlare, wrote in a blog post describing the attacks.

It’s not the first time researchers have raised the specter of a super botnet with potentially dire consequences for the Internet. In October, they revealed that highly debilitating DDoS attacks on six of the biggest US banks used compromised Web servers to flood their targets with above-average amounts of Internet traffic. The botnet came to be known as the itsoknoproblembro or Brobot, names that came from a relatively new attack tool kit some of the infected machines ran. If typical botnets used in DDoS attacks were the network equivalent of tens of thousands of garden hoses trained on a target, the Brobot machines were akin to hundreds of fire hoses. Despite their smaller number, they were nonetheless able to inflict more damage because of their bigger capacity.

There’s already evidence that some of the commandeered WordPress websites are being abused in a similar fashion. A blog post published Friday by someone from Web host ResellerClub said the company’s systems running that platform are also under an “ongoing and highly distributed global attack.”

“To give you a little history, we recently heard from a major law enforcement agency about a massive attack on US financial institutions originating from our servers,” the blog post reported. “We did a detailed analysis of the attack pattern and found out that most of the attack was originating from [content management systems] (mostly WordPress). Further analysis revealed that the admin accounts had been compromised (in one form or the other) and malicious scripts were uploaded into the directories.”

The blog post continued:

“Today, this attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IPs used are spoofed), it is making it difficult for us to block all malicious data.”

According to CloudFlare’s Prince, the distributed attacks are attempting to brute force the administrative portals of WordPress servers, employing the username “admin” and 1,000 or so common passwords. He said the attacks are coming from tens of thousands of unique IP addresses, an assessment that squares with the finding of more than 90,000 IP addresses hitting WordPress machines hosted by HostGator.

“At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website the company’s Sean Valant wrote. “These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including ‘special’ characters (^%$#@*).”

Operators of WordPress sites can take other measures too, including installing plugins such as this one and this one, which close some of the holes most frequently exploited in these types of attacks. Beyond that, operators can sign up for a free plan from CloudFlare that automatically blocks login attempts that bear the signature of the brute-force attack.

Already, HostGator has indicated that the strain of this mass attack is causing huge strains on websites, which come to a crawl or go down altogether. There are also indications that once a WordPress installation is infected it’s equipped with a backdoor so that attackers can maintain control even after the compromised administrative credentials have been changed. In some respects, the WordPress attacks resemble the mass compromise of machines running the Apache Web server, which Ars chronicled 10 days ago.

With so much at stake, readers who run WordPress sites are strongly advised to lock down their servers immediately. The effort may not only protect the security of the individual site. It could help safeguard the Internet as a whole.

Finally!

After overwhelming kicking, screaming and pie throwing in the wordpress forums by about a thousand other users including myself, the geniuses that head the wordpress team decided maybe it might be a good idea to reevaluate the spam / Block button. Isn’t that great! Now I get to go back and block the 10,000 spammers I’d already blocked before the worlds lamest social engineers decided to delete the database. Matt Mullenweg = Massive FAIL!

WordPress Reader = FAIL!

 

 

dipshit

The new word press in a word “sucks”

WTF was Matt Mullenweg thinking with the new reader integration when they just updated the fucking thing 5 weeks ago? Jesus christ I’m so tired of everyone trying to copy Face Book, face book is shit! Face Book is over! Get a god dam Clue WordPress team! Look at the stock price of the company you’re blatantly copying instead of innovating. It’s in the shit can for a reason!

Seriously I’m pissed off because what word press is at it’s core these days is a god dam spam bot. Yes what the Internets need is more spam bots Mattl! About 5 weeks ago the wordpress team added a drop down menu that reported spam and blocked it from your reader, it’s the most brilliant thing they’ve done in years which hasn’t been much unless you consider that massive fail of a forum software the tried to sell. What a POS that thing is.

I can equivocally tell you from today on this wordpress located here is dead. As a veteran software engineer this is disgusting for software to be release in such a shoddy condition. WordPress is crawling at a snail’s pace because the code is shitty. They call it debugging idiots, buy a book and get a fucking clue!

I have no intention of going back to keywords I read daily such as “guitar” which has 80% spam if I can’t block them because the word press team doesn’t do shit when you report them. I’ve reported them until I’m blue in the face yet day after day there they are in the same place breaking the same TOS rules eating up free wordpress.com’s bandwidth to make money manipulating Google keywords. You people are fuktards, please grow a god dam I.Q. and do it now!

The worst thing of all is I’m in the middle of a huge Enterprise WordPress, PHPBB integration for a multimillion dollar corporation that has treated me very well for years as my client. Now I have to start over with Joomla HALF WAY THROUGH THE PROJECT because someone at WordPress has clearly taken way to much LSD, how else could any group of people be so dumb? Not only have you imbeciles killed my blog but you’ve just lost me thousands of dollars. Thanks Matt, and please take some anti retard pills and change the fucking code back to a solid release not a shitty Alpha!

Good god what a clusterfuck!

Chaos, some things never change!

Today I’m grateful I’m not bloody mad! Since I’m hosting this blog on wordpress’s free host I can’t SSH onto the Server. For two days my header image has been uploaded but not resolving on the blog even though the theme supports it. I just received word that it looks like a bug in the theme appropriately named ChaosTheory, the name fits! Eris indeed :)