Atelier Shiori

Much more than crafting Ice Cream.

You are here: Home / Archives for Wordpress

Finally HTTPS

by Leave a Comment

2015-12-20_15-31-35

See the green padlock? The traffic is now encrypted.

I have planned on switching to HTTPS for various reasons not because Google now gives a small boost for sites that implement HTTPS, which implements encryption. These days, people are worried about privacy and HTTPS fixes this by encrypting HTTP traffic with a SSL certificate. This insures that traffic is not being snooped by hackers.

While it’s not necessary to implement HTTPS to WordPress blogs, but it gives some benefit such as increased ranking, enabling Google Chrome notifications (since that requires SSL) and improving the security. Encrypting traffic gives a slight performance penalty, but it’s small given how powerful server processors are.

To get SSL, you can get it three ways: buying an SSL certificate (which is around $7-9 for a single domain and $30 for three domains at Namecheap), using Cloudflare or use Let’s Encrypt. I had to get a multi-domain certificate since separate certificates were not working with my site. If you just run one site on your server, this won’t be a problem.

For a VPS setup, you simply need to create another vHost pointing to port 443 and add the following to your vhost configuration (example uses Let’s Encrypt):
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.tld/fullchain.pem

And that’s it. After you have your HTTPS up and running, change your blog URL in Settings > General and add HTTPS to the blog URL. After that, install the WordPress HTTPS plugin to automatically redirect all the content to use HTTPS so you won’t have mixed content errors.

To maintain your search rankings, you should redirect HTTP to HTTPS automatically. Do this by adding the following to your .htaccess file:
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{HTTP_HOST} ^(www\.)?yourdomain\.tld [NC]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://yourdomain.tld/$1 [R=301,L]

This will allow search engines to direct current search results to HTTPS instead of HTTP and preventing the search engine indexing your content twice, which can reduce your search rankings due to duplicate content. If you did everything right, you should see a padlock or a green padlock on the address bar.

Remember: Always Back up your Website!

by Leave a Comment

Just today, a fellow Anime blogger named Calaggie who runs Nigorimasen recently discovered that somebody hacked it and deleted all the content. It’s a shame that all the content the person worked hard on got wiped in an instant.

People who are running self-hosted WordPress blogs don’t realize that blogs that run WordPress are subjected to brute force attacks (basically an automated attack that guesses every password combination) in effort to gain control and use it to plant malware or even deface a website. If you host your own WordPress blog, you should do the following to prevent this from happening:

  • Have off-site backups – For most web hosting providers, you can perform a backup through CPanel, but you should keep the backup offsite in an event that you are unable to get a backup before the attack. For a Virtual Private Server, this is easier since you can just use rsync to another service or host after making a backup of the database and an archive. Also, some Virtual Private Server providers like BuyVM and Digital Ocean also have automatic backups (although the latter, it’s an additional cost). For me, BuyVM provides 5 GB of backup space and I created a scheduled task to back up and upload the files to the backup space. Also, Amazon S3 can be an affordable solution for backups as well. If you can’t afford offsite backups, just create a reminder to download a backup each week.
  • Check your plugins and themes – Plugins and themes can potentially have vulnerabilities that can be used by attackers to gain control or plant malware on the site. Therefore, you should keep the plugins updated regularly and only use themes from trusted sources.
  • Install Security Plugins: Plugins like BruteProtect (which will be included in Jetpack), Limit Login Attempts, and Rename wp-login.php can be good tools to protect you from brute-force attacks.
  • Use a strong password for your WordPress and web hosting accounts– This is obvious, but people have the tendency to use weak passwords since they are hard to remember. If you have a hard time remembering passwords, use a password manager like Lastpass or 1Password so that you can generate strong passwords without having to remember them. Also, avoid using FTP since  passwords are sent in clear text, use SSH/SFTP instead (most FTP clients should support SSH).
  • Keep WordPress Up to Date – Usually, WordPress updates fixes security issues. However, you can set it to update automatically.
aside

Just as Planned on WordPress Themes

by Leave a Comment

This morning, I came across a rather interesting post focusing on WordPress themes. It’s a known fact that many of the blogs that are in the tournament are hosted by WordPress.com. But one of the things that author failed to mention that these limitations doesn’t necessarily apply to WordPress in general, but only on WordPress.com blogs.

One of the things that bother me about WordPress.com besides the fact that you must login just to comment is the severe limitations on how much you can customize a theme. Sure, there are some themes that have an array of customization options like Twenty Ten/Eleven, but others don’t. As a result, blogs look about the same, which bothers some people. To make it more troubling, the Custom Design upgrade costs $30 a year. It’s expensive, especially if you add the domain mapping costing about $18. For 2 years, you will pay about 96 dollars ($48 dollars a year), which is enough to get shared hosting if you pay a little more.

Although WordPress.com is a decent platform if you want to blog without spending anything or maintaining a self installation. However, if you grow and become popular, you might realize the limitations. This is when it’s a good time to get self hosted. There are some places where you can host your blog for free such as Kokidokom and others as long it’s related to Anime in some way. Although self-hosted installations take some effort to maintain (and you have to make backups), they are worth it in the long-term as there are more options to customize.

aside

New Theme~

by Leave a Comment

I have noticed that Mandingo is displaying most of the content incorrectly and creating some glitches, so I decided to throw the theme out and make a new one for Shiori’s Diary. After hours of readding the Woo-tumblog features to the theme and messing around with the CSS and HTML, I have finally made a theme that looks noticeably better than the previous.

The new theme is a child theme of Twenty Eleven, a theme included in the Wordpress 3.2 default installation. The benefit of this theme over the old one is custom menus support, HTML5 and a better design. Sadly, they have removed the displaying of the sidebars in single posts and pages, so I had to change the CSS and PHP to add them back.

If you notice any glitches or have any suggestions on improving the new theme, just make a comment below. The design is not final since I have to make a few more tweaks and make a new banner, so it’s subject to change.

Update: Fixed the custom fonts issue in Firefox. Apparently, it does not allow loading of custom fonts from different domains.

aside

Conversion to Tumblog WordPress Plugin

by 2 Comments

From this day on, I will not be using P2 as the front end for this sideblog. Instead, I have installed Woo-Tumblog to make this blog operate more like a tumblr without losing any functionality. If you are considering to move from Tumblr to WordPress, there is a site that will allow you to export all your content to a WordPress XML format so you can import.

Mandigo P2 integration will still be developed, but won’t be used actively.

aside

P2 Mod for Mandigo 0.3b is now released

by Leave a Comment

This release incorporates most of the P2 1.1.6.2 fixes. In addition, I added better looking buttons with the help of Zurb’s tutorial. This new button will work in Firefox, Safari, Chrome, Opera and Internet Explorer 9 Beta.

This release has the mod integrated. To install, upload to wp-content/themes folder and activate in the WordPress Control Panel.

Download Page

In addition, the P2 Mod for Mandigo page has been moved to Chikorita157’s Projects.

aside

Tumblr is not what is cracked up to be…

by 2 Comments

Our close friend at I Think I’ll Pass finally transitioned his tumblr back to good ol’ WordPress.(original tumblr still open for socializing)

Although tumblr is dead simple for most people, once you want stuff like native commenting, better archives, categories, PuSH, etc, tumblr won’t cut it. This is a reason why I never caught on with Tumblr fully since I am a power user and I am so used to all the extras in WordPress. So much that I wouldn’t give it up for Tumblr.

Also, setting up an extra WordPress blog isn’t really hard nowadays. You’ve got fantastico, WordPress Multisites or perhaps your host have an auto installer for WordPress. So yeah, accessibility isn’t a big deal.

aside

Tips: Backing up your WordPress Blog

by Leave a Comment

Remember the time when Kokidokom went down last month? Well, it’s always a good idea to backup your blog just in case so you won’t suffer extensive content loss. WordPress has multiple ways to backup your blog. I will outline some of the ways you can back up your blog.

1. WordPress Export

While the built in WordPress export feature won’t export data generated by your plugins, it allows you to export the most important stuff like your posts, pages, comments, categories, tags and authors. To use this feature, go to Tools > Export. From there, you can download the XML file containing all your content.

Wordpress Export Page

To restore your backup, just go to WordPress > Import to restore your posts.

2. Database Backup

If you don’t want to lose your plugin settings, links, etc, you might want to do a database backup. The easiest way to get a backup of all your WordPress Database is getting the GD Press Tools Plugin. After you activate it, go to GD Press Tools > Database. Click on the Backup Tab and be sure to uncheck DROP IF EXISTS. Then, click Backup. A backup file will generate and be shown in the list of backups available to download.

To restore, use phpmyadmin.

There are other WordPress plugins out there that allows you to do the same such as WP-DB-Backup that allows you to set automatic backups. If you have access to CPanel, that is also another way to obtain your backup via phpmyadmin.

After obtaining the backup, it’s always a good idea to test your backups… sometimes they don’t export properly, leaving you with half of what you should have. For instance, if you want to test you backup, download and run MAMP and import your SQL file using phpmyadmin on localhost.

If you are not comfortable with the mysql database, a WordPress Export would be the best way to go.

As for downloading the site files, you must manually do that by dragging your site files from FTP and putting them into a folder on your computer. The best idea is to do this every few months so you won’t lose your pictures, themes and plugins.

Follow me on Twitter

RSS Chikorita157’s Anime Blog