If you manage any WordPress sites you owe it to yourself to learn how to use wp-cli.
I was able to easily switch a WP site’s address with three commands.
Tag: wordpress
-
Good bye WordPress, hello Pelican
This website has undergone various transformations over the last 10 years. Looking back at the first incarnations from 2003 shows a site that reminds me a lot of current day Facebook and Twitter. An example of my words of wisdom from 2003:
And tonight marks the end of a great TV series that it seemed like nobody was watching. Buffy the Vampire Slayer ends its seven season run with the episode “Chosen”.
I feel that this series never got the recognition it deserved, with such great episodes like Hush and Once more with Feeling, the creator Joss Whedon was never afraid to totally change your perception of characters.
At least Angel will be back this fall, and I’ve been buying the Buffy DVDs. The plan is to watch Season 2 this fall on Tuesday nights.
(I now own the entire series of Buffy on DVD, just in case you were worried)
In those days I was running Postnuke, and apparently by 2005 I had switched over to WordPress, which I had used up until last month. I have nothing against WordPress, and for a majority of users, WordPress is the way to go. For myself, I was getting tired of administrating the site more than writing and I wanted more speed without jumping through a bunch of hoops. So last month I switch to Pelican
Pelican is a website generator written in Python. The difference between something like WordPress and Pelican is that WordPress parses each web page as a user views it while Pelican generates the site ahead of time as html pages that can be uploaded anywhere. This means I can host my website any place that supports static web pages. I’m currently using a virtual private service (VPS) to host my website. When I’m tired of administrating my VPS, I can easily switch to publishing on Amazon S3. Other options include the Public folder in Dropbox or in Google Drive.
Another aspect of Pelican I really like is the ability to check my entire site into version control (git in my case). With version control, I can easily work on new branches of the site without disturbing the current site. And, if you’re bored, you can fork the repo of the site at Github.
My comments were already switched over to Disqus, and I was able to mimic the same urls from WordPress in Pelican. This allowed me to use my Disqus comments as is.
There are two pieces that I need to work on. One is to set up some way to schedule posts, and the other is a theme that’s not the default. Oh, I also need to go through all my old posts and fix the categories. WordPress allowed multiple categories per post, Pelican does not.
-
Speed up your website and get IPv6 compatibility for free!
Prerequisites
This is going to be a pretty high tech article, but the benefits
outweigh the work that it requires. I’m going to talk about using
cloudflare.com to cache your website and offer IPv6 compatibility.
For this to work you have to be using your own domain name and have
access to change the namerservers for your domain. If you cannot do
this, then you can’t take advantage of cloudflare.com.Caching
To speed up access to a website, the larger sites around the Internet
cache data as close as possible to the end user, usually using some sort
of content delivery network (CDN). For the enduser, that speeds up
access to the website, since instead of a US user having to transfer
data from a UK website, the US user would only need to pull it from a
closer server. There are also other tricks that CDNs use to lower
bandwidth usage and increase speed. Cloudflare acts like a CDN on your
behalf, automatically caching your website around the world.IPv6
IPv6 is the next version of the Internet addressing protocol, set to
replace the current IPv4. If you have an IPv4 address you can’t talk to
a user with an IPv6 address and vice versa. Most clients now support
both at once, but until all the connections between you and a website
upgrade their equipment and software to IPv6, you are still going to be
using IPv4 addressing for awhile. This isn’t true in Asia, where they’ve
exhausted their IPv4 addresses and there are users there that are only
getting an IPv6 address. If you only have an IPv6 address, then you only
have access to about 10,000 websites that are set up for IPv6.Enter Cloudflare
Once configured, Cloudflare manages connections to your website, caching
the content. And with a simple switch on their website, you can turn on
IPv6 access to your website. ryancollins.org is now on Cloudflare’s
network and should be accessible over IPv6.Should you sign up?
I’m going to run it for awhile and see if any issues crop up. I just
noticed the “Threat Alerts” on my dashboard, where Cloudflare already
has blocked a couple of botnets from accessing the site. I’ve played
around with different caching plugins for WordPress, but Cloudflare
seems like a lot better solution, especially since it doesn’t require
any work. đ -
I’ve been hacked and you can learn from my mistakes. đ
Hacked!
Yes, I let my WordPress installation rot. And it’s entirely my fault.
Wordpress makes it so easy to keep it up to date now that there is no
excuse, so I do accept full responsibility! I’m lucky in the fact that
all the hacker
did was rewrite my .htaccess file to redirect visitors to a malware
hosted site.After examining the WordPress database, it appeared that it hadn’t been
changed by the attacker, so I went about installing a new copy of
Wordpress. It went pretty smooth, and for right now I’m going for a
minimum amount of
plugins and keeping the design pretty basic. As I was restoring, I
began to think of what the hacker might of had access to and what I
needed to do to protect myself.-
I don’t know if the attacker had access to the filesystem or could
only append lines onto the .htaccess file. Why is this important?
Your MySQL password for your WordPress installation is listed in the
wp-config.php file. If you allow access to your MySQL server from
the outside world, an attacker armed with this username and password
is free to make changes to your database, even making themselves an
administrator. So before doing the installation, I changed my
password to MySQL. -
One plugin I use with WordPress is Automatic WordPress Backup.
This makes daily backups of my WordPress installation and stores
them on Amazon S3. What I realized after this hack was that if the
attacker had gotten access to administrator privileges, he could
have wiped out every single backup I have. Worse yet, they could
gain access to my access keys for Amazon S3. I went in and changed
my Amazon S3 access keys.
What I’m doing differently
-
I will be keeping up on WordPress updates!!!
-
The wp-config.php file, which contains some very important
information on your WordPress installation does not need to live in
a web accessible directory such as your main WordPress installation.
I moved it up a directory. For example, if you installed WordPress
in \~/public-html/, you can put wp-config.php in \~/. -
Once my installation was completed, I created a user for myself and
made it an administrator. I then logged in as my new administrator
account and deleted the default administrator. This protects against
hacks that target the default admin account. -
I switched to Disqus for comments. The blog only had one user, and I
didn’t want to worry about being hacked giving up reader
information. By using Disqus, I let them handle it. đ -
I installed the CHAP Secure Login plugin for WordPress. This
protects logins by encrypting the password. Since I don’t have an
SSL certificate, my password would be “in the clear” without this
plugin. -
I will be automating the download of my backups from Amazon S3.
-