WordPress Plugin: Old Core Files

I saw the Old Core Files plugin advertised on my WordPress dashboard & I was curious to see what it’d report for this instance.
It listed 461 obsolete files which I was unable to delete but this may be due to my config rather than a plugin issue (fiddling with filesystem permissions did not help). After the tidy up I went to compose a post only to find that leaving the plugin active breaks the add new post section of WordPress, the following error message is logged

2013/01/27 21:46:36 [error] 49410#0: *511 FastCGI sent in stderr: "PHP Fatal error: Call to a member function abspath() on a non-object in /myblog/wp-content/plugins/old-core-files/old-core-files.php on line 237" while reading upstream, client: 10.10.10.10, server: http://www.myblog.foo, request: "GET /wp-admin/post-new.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php.socket:", host: "www.myblog.foo", referrer: "https://www.myblog.foo/wp-admin/"

If you have an instance of WordPress that’s been around for a while & has gone through several version updates then it’s well worth installing as a one off. Use the plugin to get a list of obsolete files & remove the plugin afterwards. The current version (v1.0) seems to cause issues if left enabled.

Update 28/1/2013
Version 1.1 has been released which removes the delete button.

WordPress database error Illegal mix of collations

Ignore the advice below, this error is still produced and tables are still in latin1 encoding, I will follow up once I’ve looked into it further
So the databases for my blogs were setup a long time ago when the mysql database used a latin1 character set and the latin1_swedish_ci collation. With the 2.1.3 release of WordPress this was changed to UTF-8 which applied to new installs. I was recently looking through my errors logs & noticed frequent errors like
"WordPress database error Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '=' for query SELECT comment_ID FROM wp_comments WHERE comment_post_ID = '1' AND comment_parent = '0' AND comment_approved != 'trash' AND ( comment_author = 'Someone' OR comment_author_email = 'something@example.com' ) AND comment_content = 'Some comment' LIMIT 1 made by wp_new_comment, wp_allow_comment

As these errors were always generated by spammers I had alway assumed that these errors were cause by them using misconfigured scripts/tools? after all, every time you upgrade WordPress it performs a database update if it’s required!
I suspect I may have screwed things up by replacing the wp-config.php with a more recent copy. This blog started off on a very early zero dot release of WordPress so I was missing lots of things such as the variables for “Authentication Unique Keys” so I swapped files around.

The WordPress site has an article on converting database character sets which gives a brief history & lists several different approaches to solving this problem. I didn’t want to dump databases & restore so I took the longer way of converting tables manually, thought I was done & left it that. Earlier I drafted up a blog post on Acme and happened to scroll down the front page by accident where I noticed that one of my blog posts was incomplete, looking through the archive showed other posts which also had content missing.
Luckily I’d taken a backup before starting the conversion process.
I created a new database for each blog & re-imported each dump using
mysql -u root -p --default-character-set=utf8 mydbname <; mydbbackup.sql
as instructed in the WordPress article
Revisiting the site showed the incomplete posts were fixed.

Plugins which improve the basic security of a WordPress instance

I installed a couple of plugins on my instances of wordpress to offer some basic protection which is not available in a stock wordpress install.
First plugin is Simple Security, this plugin protects against brute force login attempts. (There seems to be an issue with the current 1.0.3 release of this plugin where browsing multipage section of the admin section eg posts, followed up with the developer for feedback).

Second plugin is Ban Hammer which allows you to block accounts from signing up using a listed domain or specific email address.