I’m in favor of open source software and self-hosting. WordPress is one of the largest open source projects in the world and is well-designed for hosting your own site and giving you your own place on the web. So, this website runs on WordPress. One of its best attributes is a very healthy and expansive ecosystem – the core program itself and the abundance of easily available themes and plugins and plenty of helpful people on the web.
There are valid criticisms of WordPress, but I’ve found it works very well for me when I need to create a website of almost any type. It’s important to understand its limitations and continue to be familiar with alternatives such as Drupal or ProcessWire or the multitude of open source content management systems out there.
I use the GeneratePress theme, by Tom Usborne. This free theme, combined with its low-cost add-ons, gives me all the tools I need to create a complete range of websites. Easy and extensive customization, fully responsive (phone and tablet friendly), frequently updated/improved – I highly recommend it.
I host most of my websites at Nearly Free Speech Hosting. Pay only for what you use, a no-bullshit management interface, not even a hint of upselling, and a genuine and refreshing commitment to free speech. The most basic of sites can be published for as little as 25 cents a month. Slightly cranky but competent.
Another host I like is Reclaim Hosting, aimed at students but available to all, committed to making it easy and cheap ($25/year) to claim your place on the web.
I get my domain name services from Hover, a no-bullshit Canadian company. Both Hover and Nearly Free Speech avoid upselling and have clear, user-friendly interfaces, not common in those industries.
Here’s my standard collection of plug-ins. This list changes from time to time as I find better programs. Red are indispensable.
- Add To Any, social media sharing
- Akismet, anti-spam
- Comet Cache, simple caching
- Contact Form 7, simple forms
- Display Widgets, control over widget display
- Duplicate Post, quick copy of posts and pages
- Email Obfuscator, hides email addresses (not at WordPress.org anymore)
- Generate Press Premium, add-ons to GeneratePress theme, focused on customization
- Lightweight Grid Columns, easy columnar layout, by Tom Usborne
- Login Logo, customize your login page
- No Comments on Pages, eliminate comments entirely
- Optimize Database, streamline your database for speed
- Post Snippets, reusable content
- Quick Page/Post Redirect, easy redirects
- Simple Firewall, security
- Updraft Plus, backup and restore
I highly recommend using SSH (“shell access”) and WP-CLI, a command line interpreter designed for managing WordPress. Everything’s much, much easier and faster compared to FTP programs or the WordPress dashboard.
WordPress is very popular, so WordPress sites are under constant attack by malevolent people.
Here’s what I do to protect my sites:
- Use a good security plugin. I use Simple Firewall. It has many protective features and is frequently updated.
- Rename and hide the login file, an option in Simple Firewall.
- Don’t have a user named admin, and carefully control admin rights.
- Disable xmlrpc.php if you don’t need it, an option in Simple Firewall.
- Use a good anti-spam plugin, such as Akismet, or turn off commenting altogether.
- Put proper permissions on files, see Changing File Permissions, at WordPress.org.
- Update core, themes and all plugins frequently. I don’t let a week go by without updating.
- Maintain a test site (or two) to try out changes before updating production sites.
- Change passwords and other named security features on a regular schedule.
- Remove unused plugins and themes.
- Use SFTP, not FTP. Don’t use any updating features in the WordPress dashboard. Whenever possible I use WP-CLI for installing, updating and deleting.
- Use a good backup plugin or other methods to back up and restore. I use Updraft Plus and store the backup files at Amazon Web Services.
Open Source – Supporting the Creators
Everything I use is open source except the premium add-ons for GeneratePress.
I try to support plugin creators in whatever way they wish to be supported, usually small cash payments. This is one important way the wonderful open source environment sustains itself, and it’s a direct thank you to creative people who make useful tools. I remind myself of the benefit I’m getting from their programs and try to pay that back when I can.
I’m working on “IndieWebifying” my site and my social media accounts. Why? When I allow my content to be under other people’s control, I of course lose some control myself. And the other party can go out of business or change its operations so that any content I put there can be lost. I also stand to lose control of my very identity on the web if I use third party services for identification and authentication.
Even though I don’t write a lot on the web, it’s important to me that when I do write something, it’s clearly identified as mine.
So I’m working on making this website my primary “home on the web”, and I’ll POSSE all my content from here (Publish on Own Site, Syndicate Elsewhere). To start, my blog posts will semi-automatically post to my Facebook page and my Twitter stream.