Wordpress Archives

  1. Hardening WordPress →

    While WordPress account containment is one way to improve a website’s security, there are a number of different ways to prevent your WordPress account(s) from being compromised.

    Within the article is a link to another one titled “How Hosts Manage Your Website Security“, which reminds us “Hosts are concerned with the security of their infrastructure, not with your website.” It is up to you to make your website secure.

  2. WordPress Account Containment

    For nearly every one of my music projects, I have been the guy with enough experience in web development to take a stab at making a webpage for the band.

    The result is that, over the years, I’ve attached a handful of add-on domains to my web-hosting account. As my account has slowly grown, this has led to a combination of issues ranging from increased exposure to malware, privacy concerns, and sloppy .htaccess files.

    After a recent talk with my web-host, I’ve transitioned my web-hosting package to a reseller account, and have finally completed the process of migrating the add-on domains to independent, contained accounts. The result for each site will (hopefully) be reduced exposure to malware, improved privacy, cleaner .htaccess files, and — more generally — easier maintenance.

    While it would have been best for my hosting package to have been a reseller account from day one, this transition has taught me how to port web-mail accounts, email forwarders, and MySQL databases between servers. (Although my accounts are on the same server, the process is the same). More generally, the migration process has taught me about the challenges one can encounter while porting WordPress.

    From my early days of static websites, PHP and MySQL, and much later – WordPress, child themes, automated back-ups, and now a reseller account – it has been a long but illuminating road as a hobbyist web programmer. The lesson seems to always be “do it right the first time”, but often it takes making mistakes to learn that there is a right way of doing things.

    This post is part of the thread: Ralford.net – an ongoing story on this site. View the thread timeline for more context on this post.

  3. I Passed “The Test”: Surviving My First Hack

    Over the last day or so, I noticed that any posts added to Ralford.net as a “Link” were not appearing. Instead, they were displaying as an upload box next to a submit button. I ignored the issue for a day or two, and today noticed that the same was true of all old “Link” posts.

    Upon reviewing the files on my web host, I noticed that a number of malicious files and folders had been added over the last few days — I had been hacked!

    I have been backing up my site every Sunday using the XCloner plugin since May of 2013 and a cron job. In under 10 minutes, I was able to replace my entire WordPress folder with this past Sunday’s XCloner back-up, restoring my site to the last known good state. Though I did an export from WordPress prior to restoring, to my surprise, no posts added since the back-up were lost.  And all “Link” posts are all back to normal. (Though I failed to save a few uploaded photos before restoring — but I have back-ups of those elsewhere.)


    This post is part of the following threads: My Digital Backup Strategy, Ralford.net – ongoing stories on this site. View the thread timelines for more context on this post.

  4. I cringe every time I think about reworking old WordPress sites so all theme modifications reside in a child theme.

    File under: Live and learn

  5. The New Projects Page →

    By now you’ve probably noticed I’ve been putting recent focus into reorganizing my website. Over the years, I have have taken it through several transitions, themes, and page layouts, morphing it and tweaking it so it more closely represents me as a musician and engineer.

    Today, I am pleased to present the new Projects page.

    Up until now, the list of projects and people with whom I’ve collaborated or performed with has always been on a separate page from media. That old layout has always felt disconnected to me. I think the new page does a much cleaner job cataloging my journey as a musician, and it does so with audio samples sprinkled throughout. The two column layout was done with Carrington Build from Crowd Favorite. It took a little bit of setup and adjustment time, but was well worth the investment.

    Combined with my child WordPress theme (based on the FavePersonal theme, also from Crowd Favorite), this site finally captures things the way I have always envisioned presenting them.

    This post is part of the thread: Ralford.net – an ongoing story on this site. View the thread timeline for more context on this post.

  6. How Permanent is a Permalink, Anyway?

    As the New Year approaches, I recognize that I am a digital hoarder.

    I back-up my backups. My backed-up backups are backed up. My home network has been up and running on a uninterruptible power supply for 787 days, 23 hours, and 30 minutes. I’d rather not talk about what happened before the UPS — (nothing happened, really) — but I will tell you that if and when there is a power brown-out, any back-up in progress will calmly and quietly finish.

    I have electronic copies of every paper, email, spreadsheet, and computer program I have submitted to my professors, career people, friends, family, fellow musicians, and haters – anyone I have ever electronically interacted with, really – ever.

    With these interactions are my files and websites. They are up in the cloud, on network area storage, portable disk drives, and on my laptop too. I have such a robust backup plan that I plead with my friends to let me help them setup their websites so their back-ups happen on an automated schedule, and that routine upgrades don’t get “forgotten” about.

    Have you upgraded to WordPress 3.8 yet? Just press the upgrade button, damnit. But back it up first!

    I am the guy who stresses over the aesthetics of his CSS as much as he does the concern that someone somewhere in the world may have bookmarked or cited a link to a post he wrote eight years ago in a CMS he painfully coded from scratch, but no longer uses. What if someone’s future *depended on* that link and clicking it took them to a 404 error page? (Did you really think I was going to be that guy?)

    How permanent is a permalink anyway? By CNN’s standards less than eight years — (this now-broken link was cited in an old post of mine from ’05) — oh, snap!

    What will become of “permanent” links in the future? If a link exists to content that is no longer there, is the reference valid? Or, must we depend on the Internet Archive Wayback Machine to resurrect such cited webpages? (See what I just did there?) And what happens if the creator of a personal website passes on? Their website will serve as a memory for their friends and family, but only until their domain registration expires. Is it within reason to will our websites to our next of kin?

    As the New Year approaches, I publicly confess that I am a digital hoarder. I do not expect to change this in 2014. I don’t have my website in any kind of will, but there’s a good chance that in 2024, the permalink to this post will still work. Though, if something happens to me that prevents it, at least the rest of you can count on the Internet Archive Wayback Machine to recount the importance of backing up your digital data.

    This post is part of the thread: My Digital Backup Strategy – an ongoing story on this site. View the thread timeline for more context on this post.

  7. Chris Rattie’s New Website

    I’ve been working with Chris over the last couple of weeks to get his new website rolled out. We are proud to unveil chrisrattie.com this weekend!

    There are exiting times ahead for Chris Rattie & The Brush Valley Rumblers. I very much look forward to our upcoming performances at the Thunderbird Cafe in Pittsburgh (November 1st) and Elk Creek Cafe (November 2nd). Both are special gigs for me as the Thunderbird brings back good memories of Black Coffee supporting Lubriphonic (time has passed – that show was back in January 2011!). As for Elk Creek Cafe – I have wanted to perform ever since I first stepped into their room.

    This post is part of the thread: Chris Rattie & The Brush Valley Rumblers – an ongoing story on this site. View the thread timeline for more context on this post.

  8. Automated Scheduled WordPress Backups with XCloner

    Over the years, I’ve heard a few horror stories of web-hosts losing large collections of data that they’ve been unable to retrieve. I’ve always fallen into the “that’ll probably never happen to me” category, and have never taken back-ups more seriously than compressing my important folders and exporting my databases a few times a year. But, as I’m now managing more than five websites for family, a few bands, and a business – being able to regularly and reliably back-up all of their data has become a priority.

    In the past, my WordPress back-ups have been a tedious manual process. The most automation in scheduling my back-ups came from the monthly email reminder telling me it was that time again. Occasionally, I would run through my back-up procedure, dumping the MySQL databases for my sites, and packaging the files manually. But, between you and me, dismissing the email to worry about later was always the easiest way out. Even when I would go through with the back-up routine, the back-ups were not robust, as I infrequently pulled the database exports and compressed files down from my web host. What if my host went down, and all of my data was lost, including these back-ups?

    Meet the XCloner plugin for WordPress.

    This gem of a plugin backs up your files to a compressed package, drops the file on the hosted server, and provides options to beam it up to the cloud, via Amazon S3 storage, and also has the capability to send the compressed file to another location via FTP. With a cron-job, you can schedule XCloner to run back-ups automatically on any kind of schedule. The result is automated and scheduled WordPress back-ups of your MySQL databases and files, locally, and to the cloud.

    Go check out the XCloner plugin. It’s free, and has thorough documentation and support.

    This post is part of the following threads: My Digital Backup Strategy, Ralford.net – ongoing stories on this site. View the thread timelines for more context on this post.

  9. Ralford.net Overhaul – Redirecting Home-Brewed URLs

    Part I of the Ralford.net overhaul really happened when I transitioned to WordPress, so consider this post ‘Part II’. If you haven’t noticed, I made the decision way back then to keep my home-brewed PHP weblog at the root of Ralford.net, and I installed WordPress to its own dedicated subfolder that would be free from all of the unorganized files that live on my domain.

    Though this was a good organizational move, the original reasoning for this was to keep any bookmarked URLs to my site from breaking. If I replaced the home-brewed weblog at the root with the new WordPress weblog, the old URLs wouldn’t work. I moved forward with the decision to place WordPress in a subfolder, and dealt with the fact that any new visitors would need to be sent to “http://www.ralford.net/wordpress/”. I updated all of my social webpages to tell the world that my webpage was now at the subfolder, and crossed my fingers that no new vistors would go directly to the root of Ralford.net and see old posts I wrote back in 2004.

    Today, I updated the .htaccess file at the root to redirect all old home-brewed weblog URLs to an archive subfolder – and the attempt was a success!

    The first great thing this accomplishes is that it preserves a link to the content bookmarked by any of my home-brewed weblog visitors. If they bookmarked my old wiki entry on guitar maintenance (notice the link doesn’t have an ‘archive’ subfolder), they will now gracefully get redirected to the new location!

    Secondly, if our search engine friends take ages to update URLs of my old posts to their new ‘archive’ location, a non-updated search engine result will redirect the user to the new location instead of it sending them to a dead link with an ugly 404 error message (I know I know, after 5+ years I still haven’t created a custom 404 page).

    And finally, archiving the old content allows me to update content of the root. That will happen soon, but is still in progress (heck it took me nearly a year to take care of the archive redirects). My game plan is to turn it into a page for myself as a musician, and display a dynamically-updated list of dates for events my music projects are scheduled to play (you can see some of this code in action over at the Dirty Superb homepage, where our dates are pulled automagically from our MySpace page).

    And so, the Ralford.net saga continues…

    This post is part of the thread: Ralford.net – an ongoing story on this site. View the thread timeline for more context on this post.