WordPress 2.5 Released & My Needed Fix for Image Upload on servers with Mod_Security

WordPress 2.5 was finally released today, after much anticipation. Matt Mullenweg did a comprehensive post on the WordPress Blog about this new update and the changes to 2.5. I won’t go through all the major changes - - just read Matt’s post.. he’s done a nice job of explaining a few things and includes a video on some the enhancements. The WordPress.Org website has undergone a brand new re-design that coordinates with the new design of the WordPress Dashboard, as well. Some very nice improvements in the design you’ll notice when you upgrade to WordPress 2.4 - - it’s a little difficult to get used to, at first, but it’s a lighter interface with, overall, some very nice improvements. I think once users get over the initial shock of everything looking different and being moved around and renamed… the old design will be a distant memory as we all move forward. My only sticky point on the new interface design is that it is all left aligned. On my 1280 monitor - - it’s a little hard to take. But if that’s the worst of it - I’m good.

I ran into a little buggy issue with the image uploader in 2.5 that seems to revolve around the fact that my server runs mod_security. The new image uploader uses a Flash interface and mod_security was rejecting it completely. I could not upload images at all and kept getting errors. (Read my post in the WordPress Support Forum about this issue and the errors).

If you find this to be the case in your situation - disabling mod_security on one file, in particular, has solved the problem for me and I accomplished that by adding the following rules to the .htaccess file in my WordPress installation directory:

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>

For me, that worked like a dream - - now the image uploader works fine and I’m able to take advantage of the gallery features with 2.5. Though, if everyone is shutting off security on that one single file - - it will become a file targeted for foolery and exploit, and it won’t take long, so the hole will need to be closed, eventually. Locking that file down to a particular IP is a solution for someone who has that kind of access.

When this weekend is over, I will have completed a PDF chapter that covers the changes in WordPress 2.5. This chapter will be available as a free, downloadable PDF document on Dummies.com, as well as being available here on my site for free download.

This free PDF chapter update for WordPress For Dummies is being done in tandem to the planning and writing of the second edition of WordPress For Dummies, due to be released a bit later this year. This weekend, I am revising the Table of Contents as I plan the content inclusion for the second edition, which will, of course, include WordPress 2.5 updates. Though, due to much feedback I’ve recieved from readers - - there’s much demand for more information on WordPress theme information: tweaking, modifying existing themes, theme development, CSS information , etc. Themes were covered in the first edition - - but on a pretty basic level. We’ll be looking at more in-depth information on themes, template tags and the like with the second edition, as well as more information on upgrading, using custom fields and plugin information.

I’m thrilled that the fine folks at Wiley Publishing recognize the popularity of the WordPress blogging platform and understand the community and the progressive nature of the software development, so much so that they want to keep the book project moving forward, rather than stagnating on the shelves with only a first edition that covers outdated development. This was one of my main concerns when entering into this book project - and they have answered the call. Good on them, I say!

Cross-posted to Lisa Sabin-Wilson’s blog and Blogs About Hosting