Answers to Your Questions

Blue Host Servers Down Due to Power Outage in Provo, Utah

May 25th, 2010 | 5 Comments | Filed in Answers to Your Questions

Today, from about 2:10 to 3:10 MT (by my calculations) my bluehost.com and hostmonster.com hosted websites were down.

Twitter provided some clues as to a power outage, and I searched for Blue Host’s headquarters and found the Salt Lake Tribune’s article about Provo, Utah’s massive power outage.

Within 1 hour, the sites were all back up, but tweeps around the country were ready to stage protests and transfer hosts as a result.

I don’t know how old WordPress bloggers are, but I still remember the days when I had to put two 5.25 inch disks in my IBM XT computer to boot it up, which took several minutes. I had to swap out the data disk with the applications disk to save my work. The only way to communicate with someone rapidly was via FAX machine, which required typing a letter on a typewriter, printing it and then dialing a number. In other words, compared to the 21st century, it was like having to send all your communications via Morris code on a telegraph machine.

We have such HUGE expectations in our new computerized era of how things should work. Mostly, we want it fast, and we want it NOW! And if we don’t get it now, we feel tremendously frustrated and put out, even when we’re paying less than 1/3 the price for a shared hosting plan than we would have a decade ago.

Down Time

I’m grateful for power outages. They remind me of the reality of this physical world unconnected by fiber optics and electrical grids. I spent three weeks in West Africa last year, where the Internet speed was 2 kbps. Twitter.com wouldn’t even load. I could tweet via my cell phone but could not access Twitter’s home page or any of its settings pages, making it impossible for West Africans to even set up a Twitter account.

The night I landed in Accra, Ghana, I was driven to my friend’s house, where the street and courtyard were in complete darkness. I was led to a room lit by a single candle and told, “It’s lights out.” “Lights out” was expected in Accra and there were no backup generators. The electricity just inexplicably goes out city wide a few times a month. People hang out and talk and dance a lot more than they do here, maybe because they aren’t always plugged in.

Today, via Twitter, I was able to ascertain within minutes what was happening with Blue Host, and by the time I got around to reaching my client’s whose sites are hosted on Blue Host via phone, the sites were back up.

Maybe we should use power outrages as an opportunity for real down time — get offline for a short while, take a walk, smell the spring blossoms, and just “be” for awhile. After all, we’ve got it pretty damn good compared to other countries and the days of the first PCs, and maybe we don’t need to have all our needs gratified instantaneously all day long.

In the past, we put up with all kinds of outages and breakages and shortages. It was something to be expected from life. Things don’t always work, and the power sometimes goes out. Time to chill.

Happy blogging! May the force be with you and your backup generators never fail.

How do I move WordPress from a subdirectory to the root directory?

April 27th, 2010 | 4 Comments | Filed in Answers to Your Questions, Installation

Q. I’ve installed my website in a subdirectory of our domain, because I didn’t want visitors to see the site until I was finished with our development.

Now I want to have the site show up in the root directory (not in the http://mydomain.com/wordpress directory). How do I do this? I’ve read the information on moving WordPress, and it seems really complicated.

A. The good news is that you DO NOT need to MOVE WordPress in order to have your content display without the subdirectory name. In fact, installing WordPress in a subdirectory is the preferred by many.

Installing WordPress in a subdirectory is good because:

It keeps your root directory clean and tidy (in case you need to add any other PHP applications to your site).
It adds another layer of security by obscuring the location of your WordPress application files. Ideally, you want to name the subdirectory something not too obvious (ie don’t call it wp or WordPress).

So, go ahead and do all of your testing and development with WordPress installed in the subdirectory. When you’re ready to go live, please follow these detailed step-by-step instructions from Bizquarium.com to simply tell WordPress that you’d like all the files to display from the root directory:

Keeping It Simple: Install WordPress in a Subdirectory

Note: If you are using Cforms contact form plugin for WordPress, you will need to tell the Cforms javascript that Cforms is in a subdirectory. You’ll want to do this BEFORE you activate the Cforms plugin. Hyperarts.com created a good post about how to do this:

Telling Cforms JS that WordPress is installed in a subdirectory

How do I set up RSS Feeds on my WordPress website?

February 10th, 2010 | 5 Comments | Filed in Answers to Your Questions, Theme Customization

Q. How do I set up RSS Feeds and enable email subscription to feeds on my self-hosted WordPress website? Also, how do I promote that feed elsewhere (like on my LinkedIn account)?

By default, WordPress comes with various feeds (http://codex.wordpress.org/WordPress_Feeds). These different feeds are invoked via template tags in the WordPress theme header.php file. You can customize the feed a variety of ways, to include comments, for example, or feed just one category of your blog.

As long as your theme has a feed link on it, you can use the default WordPress feed. However, the default feed doesn’t give you statistical information about the number of subscribers to your feed without using a third-party plugin.

For RSS Feed subscriptions and tracking, many people redirect (aka “burn”) their default WordPress feeds using Google’s Feedburner (http://www.google.com/support/feedburner/bin/answer.py?hl=en&answer=78483). Google Feedburner can track every possible subscriber. It will forward for your main posts feed and optionally, your main comments feed as well.

1) To get started, you’ll first need to “burn” your feed with Feedburner:

Visit http://feedburner.com and log in to your Google account. (If you don’t have one, create one.)
You’ll be prompted to “burn a feed right this instant.” Simply type the URL of your self-hosted WordPress site. Feedburner will automatically detect any feeds coming from the site based on your theme set up.
Choose the feed you want to burn (usually the Posts feed).
You’ll be given an option to give the feed a title and a name (see screenshot to above).
Click the Next button.
The URL for your feed displays. Be sure to make a note of this! We will use this address below to redirect the feeds to Feedburner using a WordPress plugin. (In my example to the right, my feed address is: http://feeds.feedburner.com/WPClass). This URL can be used other places as well, such as promoting your Feed on your LinkedIn account.
You can then choose various stat options.
If you want to allow people to subscribe to your feed via email, click the Optmize tab on the next Feedburner page and click Email Subscriptions and activate email subscriptions. You’ll be given some code that you can optionally use on your website if you want to have form field for people to enter their email addresses. Otherwise, the RSS link on your website will give them that option after they click the link.

2) Next, you need to tell WordPress to redirect your default feed to Feedburner:

Install a Feedburner plugin.

There are two to choose from that I like:

Feedburner smith: Feedburner plugin from Google. Has various options for burning your feed.
FD Feedburner: I prefer this simple feedburner plugin by Flagrant Disregard.

Enter your Feedburner address (step 6 above) in the plugin’s Settings (if you’re using the FD Feedburner plugin – see screenshot below).

3) Finally, you’ll want to use a cool RSS chicklet in your sidebar or header that links to your feed.

Most WordPress themes have an RSS icon built in. If yours doesn’t, you can add chicklet as follows:

From your Feedburner.com account, click Publicize and click Chicklet Chooser. Some nice code will display that you can copy and paste into your template or a sidebar Text Widget. This is your run of the mill RSS chicklet.
Alternately, you can design your own or download one of these: http://www.hongkiat.com/blog/really-cool-rss-feed-icons/
If you decide to use your own chicklet, you can still use the code from Feedburner. You’ll simply change the link to the Feedburner image (<img src=”http://www.feedburner.com/fb/images/pub/feed-icon32x32.png” alt=”" style=”border:0″/>) to the location of your chicklet on your FTP server (such as http://mysite.com/images/my-cool-feed-icon.png).

3 Great Plugins for Embedding Video on WordPress Post or Page

December 7th, 2009 | No Comments | Filed in Answers to Your Questions, WordPress Plugins

Q: How do I embed video on my website?

A: The answer to this question depends on who owns the video and where it is hosted. If it’s a video you’ve created, and you want to host it on your site, then you’ll want to convert the video file (whether it’s an .mov, .avi, or other format) to flash (.flv) and use a flash player plugin (see below) to embed the video on your blog post or page.

The Adobe Flash Video Encoder (or Adobe Media Encoder) can convert a variety of file formats to flv (Flash Video). MPEG Streamclip is a very powerful video converter program with options for resizing the video, sampling sound, etc. and exporting as flv.

Be sure to resize the video to the size you’ll display it online and use the appropriate video codec (H.264 or On2 VP6). See http://www.adobe.com/devnet/flash/quickstart/video_encoder/ for some useful information about Flash and video encoding even if you’re not using the Adobe Media Encoder.

1. Hana Flv Player

This flash player has elegant, simple skins and many options for how to use them. A “short code” can be used to quickly insert the video into a post or page. Be sure to read the readme file that comes with the plugin and visit the plugin website for more configuration options.

Download here: http://wordpress.org/extend/plugins/hana-flv-player/

I used the minimal version of the Hana Flv player at AdvertusMedia.com. It works great framed in the div on top of a background image of a television:

2. vipers-video-quicktags

Vipers Video Quicktags embeds all kinds of video easily, including YouTube, Google Video, Vimeo, and self-hosted Flash Video.

Picture-449

Download here: http://wordpress.org/extend/plugins/vipers-video-quicktags/

3. WordTube

Alex Rabe’s awesome plugin makes it easy for you to manage a lot of different Flash files and insert them into your WordPress posts and pages. It uses the JW Player by LongTailVideo.com, which has many flash vars (settings) you can use to control the look of the player.
screenshot-1

Download here: http://wordpress.org/extend/plugins/wordtube/

More: Embedding Video from Other Video Hosting Sites

If you’re want to embed videos from other video hosting sites, some plugins for that include:

WordPress Video Plugin: http://wordpress.org/extend/plugins/wordpress-video-plugin/
TubePress: http://www.tubepress.net/
As well as Viper’s Video Quicktags (see link above)

Do you upgrade all of your clients sites every time a new version of WordPress comes out?

December 5th, 2009 | 1 Comment | Filed in Answers to Your Questions, WordPress Security

Q: If you develop websites with WordPress for clients, what do you do about upgrading their sites? Do you upgrade all of your clients sites every time a new version of WordPress comes out? Do you only upgrade when there’s a security risk? Do you tell your clients before you start that you will be upgrading their sites periodically, and there will be an additional charge each time you do it? Do you have a fixed price for upgrading, or do you charge by the hour? Sometimes it only takes a few minutes, but if a plugin doesn’t work with the upgrade, yikes, it could take a long time.

On another note, if you have a client who wants a static site and they will not be updating the content very often, do you still develop their site in WordPress? It seems like there are less things to worry about with a straight html site, because you don’t have to update the software or deal with security issues. Are there times when you think Dreamweaver (or another html editor) is more appropriate than WordPress?

Because of the security risk of PHP and MySQL, I think we need to be sure to explain to clients before setting up their WordPress sites that the WordPress application must be regularly updated. PHP risks are only going to increase over time, and the only way to protect websites is to keep up with the WordPress updates. The one-click update is great, but when 2.9 comes out, there will be many plugins that won’t work and that’s going to make updating a headache.

Here’s what I recommend:

1. Make sure the client understands the security risks of using a PHP web application.

Make sure YOU understand the security risks and how vulnerable PHP is to attack. Its popularity in web applications is making it more so. This includes other CMSs as well – Drupal and Joomla – as well as proprietary ones. If a client’s site gets hacked and it goes unnoticed for a time and the Google bots detect weird stuff coming out of the site (malicious code, etc.), then the site could be kicked off the search engine.

2. Make sure your client understands that in order to avoid having their site hacked, the WordPress version must be kept up to date.

This may take a few minutes once every 6 months or a couple hours if you’re having to deal with plugin issues. You can put this in your contract with the client to perform necessary security updates and estimate the number of hours (or minutes) each year for this based on the complexity of their site. All computer and website applications should be kept updated, and WordPress is no exception.

3. Choose your plugins wisely.

Try to write your own get_posts or wp_query queries (see http://codex.wordpress.org/Template_Tags/get_posts and http://codex.wordpress.org/Function_Reference/WP_Query) rather than use plugins whose developers do not keep their plugins up to date. Most of the more popular plugins are updated in anticipation of the new release of WordPress. Find plugin developers you can trust and be sure to make a contribution to their plugins.

4. Be sure to include in the cost of site development implementing various “hardening” or security steps.

Please see: Assesing the Security Risk of Using WordPress as a CMS for links to good articles on how to secure your WordPress install.

5. Understand the client’s needs.

Does the client need a CMS? Will creating a 4-page brochure site using Dreamweaver (and Contribute) meet their needs and goals in terms of interactivity, search engine optimization, ongoing updates, etc.? A site with more than 12-15 pages often becomes difficult to manage in flat file layout.

Having continually fresh content or being able to use various online marketing or e-commerce strategies necessitates having some sort of dynamic CMS. If the client just wants a blog but really doesn’t have the budget or desire to keep their WordPress version updated, perhaps WordPress.com or Blogger would be better solutions for them. The client’s needs and online business goals should drive their website solution. Assessing the overall cost benefit of any solution is important.

6. Backup before clicking that update button!

Backup the database and the contents of the wp-content folder and any other folders you may have created (such as an images folder in the root). You might also want to back up the entire FTP directory just in case you need to revert to the older version of WordPress for some reason (such as an incompatible plugin that you need time to troubleshoot or substitute).

I’ve been using WordPress for 2.5 years, and it wasn’t until this past summer that I realized the security issues. In 2008, Joomla!, WordPress, and Drupal all made the top ten chart of known software vulnerabilities, mostly because of their growing popularity and the inherent vulnerability of PHP and MySQL. Hacks are more likely to increase than decrease, but the WordPress development teams seem to be quick to respond to known vulnerabilities with updates.

WordPress is very fun to work with, and it’s definitely a buzz kill to have to deal with security issues. But, as responsible “web developers,” we need to consider the risks and take the necessary precautions, including, YES — updating every time there is a security update.

Please let me know how you handle this with your clients by commenting below. Thanks!