In Defence Of WordPress

I’m very impressed with how much easier it is to maintain WordPress than back in the day. Especially when it comes to automatic updates.

The internet is verbally attacking WordPress again. I read a lot of hate towards WordPress for its latest security vulnerabilities that have become public. What I don’t see is praise in how those updates are handled and distributed to its millions of users. Cross-Site Scripting Vulnerabilities The last 2 weeks, 3 major security releases have […]

Source: In Defence Of WordPress

Six day checkpoint on VPS

It has been 6 days since I moved my site to a Digital Ocean VPS and so far everything has worked perfectly. The site is blazing fast and so far, the reliability issues the last time I tried this seem to have not reappeared (yet).

The next step I think is figuring out what I want my site to be. For about ten years, it has been a blog where I may post once every month or two. I don’t want it to be that for the next ten years.

Securing WordPress in 2014

I thought I would share some of the WordPress plugins I use to protect my blog. I tend to lean towards smaller, single purpose plugins vs. the large security plugins that claim to support every security “feature” you can think of.

  • Akismet – The best comment spam flighted out there and it benefits in real time from all of the different WordPress sites contributing information on the latest spam attacks.
  • Bad Behavior – This helps protect WordPress from obvious bots and traffic originating from suspicious IPs. Almost like an intelligent firewall.
  • Limit Login Attempts – This blocks those who are trying to login to your WordPress instance by guessing a correct username and password. This plugin hasn’t been updated in two years, but seems to still work quite fine. I set a very low threshold to get blocked and make sure that IP stays blocked for a very long time.
  • Stop User Enumeration – Especially in the past year, I started seeing many login attempts (thanks to Limit Login Attempts) that used the correct username to login to my blog. After some investigation, I found this plugin that blocks a particular way that WordPress leaks the username of a blog.

There are other techniques I use, but I won’t share them for now since I’m still tweaking them.

A new home and domain

I’m pleased to announce that my web site / blog now has a new home. I have consolidated my domains from and to Additionally, this is now hosted on a Digital Ocean VPS.

Consolidating Domains

I’ve been blogging now for about 12 years, with archives dating back 10 years. In the past, whenever I wanted to talk about a new subject, I generally just purchased a domain name and setup a new blog.

However this came with a number of downsides:

  • Multiple WordPress instances are a pain to administer, especially when there is security and plugin updates.
  • I felt like my thoughts were scattered across multiple platforms and not benefiting from being collected and promoted on a single site.
  • I found I was far more likely to neglect my sites.

Additionally, since I purchased several years ago, I have been wanting to have be my digital home. This seemed like a great opportunity to consolidate everything. and will eventually redirect here, with their archives imported.

Life in the fast lane

I have been less and less impressed with Dreamhost over the years. Their shared hosting seems to be so slow these days. I would wait seconds for WordPress pages to render. There is little control over the server and limitations to what I could do.

Running on a Digital Ocean VPS has been a revelation:

  • It’s insanely fast out of the box. Even the WordPress admin pages render in milliseconds it seems.
  • I have made the switch over to NGINX, which means even faster rendering and the ability to withstand the single digits of users hitting my site.
  • I’ve been able to do snapshots of my server’s configuration so I can instantly revert to it if needed.
  • I now have all server transactional email going through Dyn Email Delivery.
  • I can now experiment with the server’s configuration and try new tools, expanding my knowledge of administering Linux servers.

So far, so good on this experiment.

Maintaining my Internet presence

Yesterday I wrote about my plans to transition this site over to in the near future. Yet an event today reminded me about something I have been thinking off and on about for the past few months. Why should I run my site on my own server?

This afternoon I was doing my usual after work routine online, catching up on my e-mail, RSS feeds, and Twitter. I happen to go to my site ready to jot down a few ideas for a blog post. Eventually my web browser times out connecting to this site. I try my other sites on this server, nothing happens.

I groan, as I know immediately what the problem is. My server (running Ubuntu 9.04), despite several rebuilds and reconfigurations, will randomly spike to 100% CPU usage and become completely unresponsive. Cannot SSH into it, cannot even serial console into it. I have to do a hard shutdown of the server then power it back on, hoping that I did not corrupt the database in the process. Who knows how long the server was down, could have been hours.

This gets me thinking. Is there really a need for me to run the latest WordPress on my own server? Do I have the time and energy to keep this server secure, up-to-date, and with as close to 100% uptime as possible? Do I really want to troubleshoot obscure issues on an OS I know very little about?

My gut says I want the power of WordPress so I can eventually unveil my awesome web site that I keep promising for years, that this server is a great learning experience for not only hosting my own site, but making sure everything just plain works.

My head tells me that I have been promising that awesome web site since I registered , which was 8 freaking years ago. Point the DNS records to Tumblr for and begin fresh there, with a simple blogging platform that does the few things I have ever done with this site. Let Tumblr worry about uptime, security, and providing an awesome site for me. Maybe it will make me write more.

As I ponder this, I did some tweaks to my Apache installation since I did find some log entries that suggest the server ran out of memory. Let’s see if this fixes the problem. If not, I may press the kill switch on self hosting WordPress.

Updates to the blog

A few updates to my blog:

  • I am now using WordPress 3.0 on this blog.
  • I have switched to using the new default theme in WordPress 3.0.
  • Given the lack of discussion on almost all of my posts and the amount of comment spam on old posts I see despite several comment spam plugins, I have decided to experiment with turning off all comments on posts older than 30 days. I am interested in seeing how this turns out.

Wish I had known this sooner

I just found the instructions for automating a WordPress upgrade via Subversion.

This sounds really neat. I think I am going to try it. I know manage three different WordPress sites and finding even that low number is a pain to upgrade easily when new versions come out. This method sounds like it can take a lot of that pain out of the way. Especially as I add more WordPress sites to my maintain list.

What I would really like is figure out how to automate this with AppleScript & Shell Script so I can just double-click an icon, type in what version to upgrade to, and have the whole thing done with no intervention.

Sounds like a good little project to learn UNIX shell commands. For all of my computer knowledge, I know next to nothing about UNIX and shell commands. Might as well start now and expand my knowledge. I will share my experience with this on here in the near future.

Akismet Worst Offenders plugin

Ever wanted an easy way to sort through all of that spam caught by Akismet (just now, I had to look at 175 spam comments since yesterday)?

Akismet Worst Offenders plugin is just for you. It groups your suspected spam comments by IP address or web site. Then a delete button allows you to easily delete those bulk spam comments right away.

The results are a lot less spam comments to filter through, which allows you to make sure no legiminate comments are captured by accident.

Fantastic plugin and I imagine it will become part of the regular Akismet plugin very soon.