Finally we have upgraded our WP multisite to 3.4.2!
In this upgrade we also upgraded around 30 plugins and 8 themes. Also we installed a new theme: TwentyTwelve. Hopefully some of the admin-users will like it.
The greatest challenge we had was to be able to do real testing on plugins, themes and blogs on our system, before upgrading the main system. We wanted to test everything 100% so that none of our users would notice any problem.
We solved this by establishing another server, with a setup exactly like the production server. (We are running our systems on Linux Redhat Enterprise).
On this Test server we installed the software/middleware similar to the main production system like: MySQL, Apache with PHP and more.
Second we imported all the MySQL data from the production system to this new Test system, and also all the “blogs.dir” data.
Because of DNS names, which are also clogged into the database, we had to edit both the Test server “hosts” file and client “hosts” file with all the blog-domain names:
Example:
192.168.127.145 blogname1.ourblog.uib.no
192.168.127.145 blogname2.ourblog.uib.no
192.168.127.145 blogname3.ourblog.uib.no
…
And so on, for 194 of them.
Now, when we tested the different sites, one by one, we could see how the core, plugin and theme upgrade affected the individual sites one by one. This testing was done manually by my colleague.
We also used a bash script that went through the list of 194 blog domain names, downloading the html code for each of them, calculating the number of bytes downloaded. All the sites with a 0 bytes download were sites that we could look deeper into to, to see what went wrong.
There were no big problems; some plugins could not be upgraded, because they locked the system after being upgraded. These plugins we just kept on their current release.
Also in our upgrade we installed a new plugin called: WP Better Security.
Which we really recommend.
Today I got attempts from 5 different people trying to guess the admin password. With the 5 failed password-login attempt, they were successfully locked out. The plugin looks promising and we are stilling digging into this security enhancement to our multisite WP site.
We also closed the self-registration. From now on, only administrators of each Blog can add users. We had too many spam-users, actually on present date; we had 1800 spam users, and 800 real users.
The way to lock the users created by spammers, we only set the ‘spam’ field in the wpusers table to ‘1’ in the Mysql database.
Final word 1: In order to make the sites none-writeable. We used a plugin called code-freeze to close everything, in order for us to work, take backup of the Mysql database and more, being assured that it was not possible for users to add and change the system. This was done before we stopped the HTTPD deamon, mentioned above.
Final word 2: before doing any of the core, plugin and theme upgrade on the main production site, we did a full Mysql dump of the database while Apache HTTPD server was stopped. (This to make sure that no UPDATE,INSERT,DELETE or other SQL statements were performed during backup.)
The Mysql backup/snapshot was done with the: automysqlbackup. See my links where to find it.