UPDATED: 01/26/2013: Added some updates on securing your installation.
UPDATED: 07/05/2013: Updated some information on Jetpack and on gallery tools.
UPDATED: 07/18/2013: Added a great post on wordpress.org for securing your blog.
UPDATED: 05/12/2014: More on plugins and configurations to protect your blog.
UPDATED: 05/31/2016: Beware the Theme and its quality.
Over the holidays I guess I decided that I just couldn’t deal with the limitations of the free wordpress.com service anymore. So what’s a blogger to do? After four years of blogging I’ve come to like the creativity and the ability to focus on something different from my normal world of software programming, architecture, and technical geek-dome. However on wordpress.com you only get a little bit of control. I want more control over look and feel and more control over the features and functions. Before we go further – wordpress.com is a great service and I’ve very much enjoyed using it – so no bash here on the .com services. So then – what’s the issue? Read on…
WordPress.com Pro vs. Hosting
This is a fairly simple decision for me, but maybe not for you 🙂 Over the summer I bought a domain and hosting plan through Mochahost.com becuase I wanted to do some wacky things with Java server side programming and web service programming. This is where House of Beor, Llc. Labs are hosted. Included in my package is PHP hosting – thus I can host a wordpress blog there. I’m paying for the service – so why not? I could also pay wordpress.com some bucks to get the kinds of privs I want for control of look and feel, but wordpress.com will not allow the use of plugins of your own AFAIK…writing my own plugins might be interesting…so decision is made – I will build my own blog!
Where to Start?
That’s easy – wordpress.org – the first thing to do is go and see what is the software, how does it work. Here’s a couple of great links to read:
After a few minutes there – its off to my hosting site to see how I can install things – like many hosting providers, mine has an online admin console that I can use to install a bunch of stuff with “softaculous” scripts. Getting a bare bones wordpress blog installed is as easy as going there typing in a few parameters and clicking “go”.
While doing that – it is a good idea to consider what you are doing on the old blog – posts, images, settings and write all that down so that you have a starter list of things to make sure you get working on the new blog. For me this boiled down to:
- I need an export/import to get all my posts over to the new site
- I need to get comments and spam control working – I get a crapload of junk
- I need themes I like
- I need Facebook and other social integration would be great.
- It would be great to have some kind of SEO or traffic generation stuff
- How will I close down the old blog and not lose all my readers? Comments?
- How will people make comments without a hassle?
A Theme is More than the Look
First thing to check out is a new theme – as you might know I started with this – experimenting with new looks and feel on my old blog and then finally on my new one. I tried out a bunch and finally picked Graphene becuase it was pretty simple looking, had the column support I liked, allowed me to mess around with the header space, and the CSS seemed simple and clean – I also liked the slider story thing that it has – cool stuff – and I can set whatever the heck width I want! Done deal.
Its a good idea to check out a couple of other sites that use the theme – or install it in a test server and check the actual code. For example does it correctly produce Facebook og tags and things like that. A theme that does not correctly integrate with Facebook, Google, etc. can kill your SEO pretty fast.
No aspersion cast on Graphene BTW…this is a general comment. I had no issues with Graphene, although I no longer use it.
Plugins – Akismet
The next thing – the barebones wordpress install has only two plugins – Aksimet and Hello Dolly and yeah that second one is useful…so what do I need? First priority – Akismet is an absolute must have. This is the tool that helps to manage all the spam posts and junk crap from all the jerks and weenies out there. I had some trouble with this – first you need to go register and get a key. Then you need to enter the key in your plugins settings – protect that key because it is like a password. I deleted mine – if you get errors there will be a grey box on screen.
I had some trouble with this – you need to make sure that your hosting provider has outgoing ports to www.akismet.com and rest.akisment.com open and a couple of basic PHP parameters open – check the link above for the details. Even with all that taken care of I still couldn’t get the key confirmed. Finally I posted a support question to them, they contacted me, and all of sudden it started to work – brilliant!
Plugins – Stats
Here’s where I goofed. I looked around for stats tools like on wordpress.com and like Drupal, the WordPress site’s plugin list is a PITA to find stuff. I installed some tools, they sucked and later on figured out there is this “Jetpack” thing (see below) that is an aggregation of a bunch of cool things. If you want stats – get Jetpack and save your self a bunch of time.
I use OpenID…its cool…and this is how I can save some hassle for my users that want to comment. OpenID also allows gravatars to work (Jetpack helps with this too). Before you install OpenID you need to install the XRDS Simple plugin. It is pretty simple to install, but it helps if you were already using OpenID on wordpress.com. Once OpenID is installed you can add and link your existing OpenID accounts from wordpress.com to the new blog through the admin tools.
Plugins – SEO
I’m using the uber-SEO tool for WordPress – WordPress SEO. There is no better tool. If you don’t have it – get it. Supports just about every feature you can think of although getting hit count up is a major struggle in today’s internet where control is very tightly controlled by the major hosts and players.
WordPress Backup to Dropbox
I need to sleep at night. I’m proud of all the things I’ve written. To sleep well I need a backup plan. I sleep well with this plugin. I get a weekly dump to dropbox of all media and the database. I’ve been able to build out dev instances of all my content with this plugin. I feel confident that I can sleep easy knowing that this plugin is working. Highly recommended.
05/31/2016: I’ve switched over to Updraft Plus as my backup plugin. Backup to Dropbox was not getting regular updates and for some reason was no longer working correctly. With Updraft Plus I get confirmation messages that the backup was completed and so far everything has been backed up ok after 8 months of use.
So I didn’t install Jetpack right away – ok – mistake. Do it. There’s a bunch of cool things – stats, social tools, math stuff, lots of cool stuff. What’s in there that is useful? Numero uno is the sharing stuff with social sites – you need that to get people coming to the new blog site and not the old one. Shortlinks, gravatars, and the Embeds are pretty cool parts to fiddle around with.
Image Galleries and Lightboxes
Jetpack is constantly getting updates – since introduction, publicity tools have been added and the image gallery support has improved quite a bit. I’m using the Publicity tool – works nicely, however the gallery tool is not too good.
I’ve removed Highslide, because it seems to have bugs and is no longer maintained from what I can tell. I am now using Image Gallery Reloaded in combination with wp-jquery-lightbox for galleries and for single image lightbox effects. These two combined work pretty well. I’m still working to configure the look of the lightbox.
Ok now I’m using Wunderslider. The options are better and it simply performs better across browsers. It does not offer a click to a light box feature, but overall it is a better gallery tool. Individual images can still do a light box with wp-jquery-lightbox.
There are some things you should do to better secure your site:
- Here is a great post: http://codex.wordpress.org/Brute_Force_Attacks
- Make sure passwords are good ones;
- Make sure that you have a separate account from the admin for doing things – admin should be used for admin work only; do a backup – then do another one.
- Create an admin account with a secure user name like “Myadm1n1sth3b3st!” and then delete the “admin” account so that people will not try to brute force attack that account.
- Install a plugin that limits the number of times you can attempt a login – Limit Logins is a good one. There are a few others. Be sure to familiarize yourself with how to over-ride this plugin when someone tries to crack your own id and you are locked out.
- Never ever post something to your blog with your secret admin user! You don’t want anyone to see this id or then they can brute force the id.
- Always keep your blog up to date with the latest changes and monitor traffic every day.
- For user registration make sure to add a captcha block like Cartpauj Register Captcha to make sure you are immune to robots at the registration page.
Import The Old Site
There is an export/import capability, but it does not really work all that well. I exported everything from my wordpress.com site – what it generates is a pretty big XML file. You can then try to import this into the new blog. I got almost everything moved over except a lot of my images. My images would not move over – probably because my hosting contract does not give me enough resources to make it work. I’ve been slowly moving over images, but it is a pain.
I plan to shut down comments on the old blog soon and start pushing up the SEO and social stuff to try and get people moved over. I’ll also put together a final blog page with links from the old site to the new one and then remove all the old posts from the blog. We’ll have to see how that goes.