You know you're in a bad situation when you're forced to upgrade to an alpha product. Having said that, Wordpress seems to be behaving, probably because Alex King helpfully agreed to grab the latest trunk build, which I'm told contains many, many bug fixes. I tried to get access to the nightly build by signing up for the mailing list, but the link that was then sent to me went to a dead page. Wordpress is a strange beast. It's grown into a mature tool and is clearly proven in "the field" in that it seems to be relatively secure, and has lots of high-traffic sites using it. Having said that, I find that the support and organization behind the product is just shy of horrible. As a test, go to wordpress.org and try to find something. Give up? I nearly gave up several times while hunting for various things -- and I'm pretty good at finding things.
So, why was I forced to upgrade? My server was hacked again. I have no idea how they got in this time, but I'm sick of all of these security holes on my box. Until now, I had been running b2 0.6.2, which shipped with a SQL Injection vulnerability that was fixed on 0.6.2.2. But I don't remember if I applied the patch, and I couldn't easily find the files I needed to make sure.
Moving forward, I've kicked everyone (else) off of my servers, and have removed all traces of old software, including the wonderfully-unsupported Exhibit Engine, which unfortunately hosted a couple thousand of the images I have online.
It was not straightforward to migrate from b2 to Wordpress. Here's the path I took:
b2 0.6.2 -> Wordpress 1.0.2 -> Wordpress 1.5.2 -> Wordpress 2.0.1-alpha
Wordpress 2.0, 1.5, and 1.0.2 are not available for download from any one place, so I had to hunt around for the original packages. At the moment, 1.0.2 is available from the old Sourceforge site, 1.5.2 is most easily obtainable from Alex King's site (the WP 1.5.2 Plugged In version), and Wordpress 2.0.1-alpha can be downloaded from the current Wordpress site.
The migration process to the various versions went fairly smoothly, with the exception of custom field migration. b2's custom fields were just tacked on as extra columns in the old b2posts table (boo!), and the migration scripts lose track of them at some point. The new custom fields are stored as key value pairs in the wp_postmeta table (or, b2postmeta, if you're upgrading and use the original database table prefix name).
As an example, let's say you have an old custom field called Location. Once you've upgraded all the way to Wordpress 2.0, you can run the following SQL code to move the information over to the new table:
INSERT INTO b2postmeta (post_id, meta_key, meta_value) SELECT ID, 'Location', Location FROM b2posts WHERE Location <> '';
Repeat for the rest of your custom fields; they should all move over with no problem. This assumes that you're using b2 as your table prefix. The other thing I had to do was to manually set the option_value for siteurl in the b2options/wp_options table.
Previously, I had hacked in a privacy feature into b2 which allowed user-level access to private entries, and was left with all of my old posts public in the new system. But since I had migrated custom fields over, they were all tagged with private values that flagged the appropriate private posts. And so I downloaded the ViewLevel 2.0 plug-in for Wordpress 1.5, which is a good start to a user-level privacy system in Wordpress 2.0. I renamed all of the Private custom field key names to viewlevel, modified the ViewLevel code for compatibility with 0-level access, and it all seems to work. Private messages no longer appear at all to people without access, so those users out there who browse my site anonymously until they see a private placeholder will have to be better about staying logged in.
Alex encouraged me to use the new user roles in WP2.0 instead of continuing to use user levels, but it seems to be working at the moment. I'll make the changes when I have some more free time...
Oh, yeah. The templates took several hours to re-built into a theme. I made it very-much un-theme-like, but I'm glad it's done.
Differences you'll notice:
- no private post placeholders
- no "last logged in" information, nor new post/comment icons (yet)
- no date dividers
- rss for comments (yay!)
- comments/trackbacks use akismet (not sure how it works yet)
- emoticons are visible. not sure yet how to turn these off. i hate them.
Let me know if you notice anything weird. ;)
I still hate computers.
*UPDATE 1/23/06* I updated about 150 entries; images should look fine now. (took a couple of hours)
*UPDATE 2/3/06* Wordpress 2.0.1 has been released; the distributed development team has fixed 114 bugs since the 2.0 release a month ago.