Michael Eriksson's Blog

A Swede in Germany

WordPress and its user-hostile administration area

with one comment

As I tried to refresh a page from my WordPress account earlier today, I found that I had been logged out.* More specifically, I was forcefully lead to (what I assume was) a log-in page that simply did not work or show anything useful, but which complained about a lack of JavaScript. (No, activating JavaScript did not help.) After digging around, I found a log-in page that did work, logged in—and found myself in some version of the administration area that did not even slightly resemble what I was used to, and which simply did not work—with or without JavaScript activated. Problems included incomplete displays, “my sites” simply not being found, and (browser-side) warnings about a possible XSS** attack by a “doubleclick.net” address***.

*Having a dedicated user-account and browser for WordPress, I have no qualms about never logging out manually. Automatic log-outs, on the other hand, are so rare that I cannot even recall the previous time that it happened (or whether I had similar problems back then).

**Cross-site scripting: Roughly speaking, an attempt to cause mischief for a user by including JavaScript from one site into another, in order to circumvent the user’s and browser’s security controls/checks/awareness/whatnot.

***Presumably, a part of Google’s advertising efforts that still carries the name of the former “DoubleClick” brand. The alarm is likely a false positive to the degree that this is almost certainly is not caused by an illegal activity; however, (a) users are still better off without it, e.g. for privacy reasons, (b) the integration into the WordPress pages is obviously not done sufficiently well.

After wasting five to ten minutes trying this-and-that, I contemplated simply foregoing WordPress entirely and effective immediately*, but resorted to a last ditch attempt: One of my old tabs contained a page from the (familiar) admin area. I copy-and-past-ed** it into a new tab, and things suddenly worked as they should.

*WordPress sucks, and I have long-standing plans to move away anyway. However, time constraints and the many other things that I do has postponed this ever again.

**Just re-loading would likely have worked equally well, but keeping the old tab intact gave me a better chance at a second attempt, should something go wrong.

The difference is likely that this link already led to the blog specific admin area, which still works as it should; while what was served after log-in was a user account admin area.* Should the above happen to you (or me, at a future time): Look at the URL. If it begins with “https://wordpress.com/me”, you are probably stuck in the user level area, and you should try to get to the blog area, which will begin with “https://michaeleriksson.wordpress.com/”**. The “dashboard” of the blog administration can then be found under “https://michaeleriksson.wordpress.com/wp-admin/index.php”**, from where other parts of the administration can be found. (In all cases, with reservations for future changes.)

*There can be more than one blog associated with each user account.

**For my main WordPress blog. Please substitute your own blog name/address as appropriate. Also see excursion below.

Excursion on WordPress, incompetent handling of post-by-email, and how this can influence a text:
I have written repeatedly of how WordPress handles post-by-email incompetently, e.g. through introduction of artificial links. This text provides a good example: without the quotation marks around “doubleclick.net” above, it might have been mangled into “http://doubleclick.net” and turned into a link, which is not only contrary to the purpose of use above, but could also be highly confusing to the reader. Knowing of this issue, I resorted to add quotation marks where I would not normally have used them.

The use of e.g. “https://michaeleriksson.wordpress.com/” above is yet another example of why WordPress handles links poorly: I do not intend to link—only to make a statement of how a link would begin. Indeed, going directly to this address would show the published blog—not the administration area. (But here, I would have used quotation marks anyway, because I discuss strings.) Further, “https://michaeleriksson.wordpress.com” would normally have called for a use of place-holders, e.g. in that I had replaced “michaeleriksson” with “[your blog]”. I refrained from doing so, because I see at least a risk* of mangling.

*I have made good experiences with quoting, which seems to protect the text, but if I find an exception I would need to research a work-around, edit, and/or re-publish the text, which would cost me time and energy. To boot, this would involve a delay and inconsistent texts being sent to subscribers. Better then to take the safe road.

Advertisements

Written by michaeleriksson

April 8, 2019 at 11:04 am

One Response

Subscribe to comments with RSS.

  1. […] And don’t you believe it: The morons from WordPress still managed to introduce links where they do not belong, despite use of quotation marks. […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s