Friday the 13th Full Moon post

It’s Friday the 13th and there will be a full moon!

Full Moon
Yeah, I took that!

I do find myself very thoughtful and somewhat eager to start a new adventure. Is it the moon? Is it my age? Is it something or just in my mind?? I don’t know, but something is stirring in me to make some changes and accept some challenges!

I will be changing the layout of this blog… actually, I am going to rebrand it altogether next week. It will be more about me – of course – but will also be about my life companion of 3+ decades!! It will be called Carrie & David. I haven’t registered the domain name yet but this domain will be redirected there anyway.

So that’s about it for this blog. The new site will include travel, life, photos, videos, and what it’s like when two lifelong best friends grow old together whilst still enjoying life, new adventures, and new experiences together.

Yes, there will be a separate one where I will share our culinary journey too. www.GringoDaveCooks.com

VRBO San Diego : Baywatch Bungalow

Our first trip in many years takes us to San Diego and a nice little studio Vacation Rental By Owner (VRBO). We love VRBOs because they usually come with a kitchen and they are much less fussy than a resort or hotel. We love to get out and see things, but we also like to relax, cook for ourselves and enjoy the privacy (intimacy) of our own little home away from home.

The Baywatch Bungalow was great. Even though it is a studio, it’s very spacious. The owners are very accommodating and the place is well equipped. The location is amazing! Right in the middle of everything but still in a nice quiet neighborhood. The price is right for this little gem. https://www.vrbo.com/1188423

WordPress user, admin, and host

Since it appears that I am becoming a WordPress user, admin, and host, I am trying to establish a workflow for starting a new WordPress site on my servers. There are features/plugins that all sites should have.

They are

A Theme
Whether it be free or paid for, all WordPress sites require a theme to present the content. For this site (more personal than anything), I have chosen a paid-for theme called “ContentBerg” which utilizes the Gutenberg features. It has many of the tools cooked into the theme so I don’t have to add those features individually. There is a bit of a learning curve to each theme; it just takes time and practice to get to know the ins and outs of each theme.

Stats
All web publishers want to know how famous they are. A good web publisher wants to know a lot more such as where traffic is coming from, what pages are most/least popular, and even demographics, user platforms and more. I will be utilizing the tried and true Google Analytics for my sites.

Monetization
All (okay most) web publishers would like to be famous, but everyone I know wants to make money from their efforts. With a starting blog like this one, the easiest way to generate revenue is to use an existing Google Adsense account. As the site grows, I can add affiliate links and direct-sold ads, but for now, especially for this site, I am not anticipating a large amount of traffic and so… not much revenue.

Back up and recovery plan
In the past (since 1995), I have always published locally and then transferred the articles and files manually to the online server. This has been my way of protecting myself from hackers (yes, I’ve had sites hacked through shared hosting issues) and also from the sudden disappearance of a hosting company (yes, I’ve had that happen twice over the last 20+ years).

With WordPress websites, there is the added complexity of the relational database which is near impossible to host locally and mirror live. I’m sure there are ways to do this but it is not my intent to create a handshake schema between local and live content. I will copy all files to a backup location and will back up the database at set intervals just in case of the worst.

I have yet to develop and establish my disaster protection and recovery plan for WordPress websites, but suffice to say that the files and database/s will be stored locally on a schedule and a written recovery checklist will be printed.

(Future link to disaster protection and recovery plan for WordPress websites here.)

More to come… I have to get the August issue finished now.

FranTech Section

I have added a section of my personal blog called “FranTech.” It’s basically my name, Francis and the word technical. It also has a playful connotation as frantic which is how I develop websites, magazines, videos, etc., so it’s appropriate.

The idea is to have a section devoted to techno-babble related posts and videos that may be of use to people interested in that sort of stuff. I will likely have subcategories to this section such as video editing, HTML, CSS, website hosting and much much more.

ColorMag “free” WordPress Theme a NO GO

ColorMag free theme by ThemeGrill screen shot

I’ve spent a few hours today (Sunday, May 26, 2019) installing and configuring the free ColorMag WordPress theme only to discover that I cannot add a top banner AdSense block to monetize the site.

I liked everything I saw about the theme, especially the categories since I hope to diversify this site in many ways. But my brief experience with the theme reveals that any effort to place advertisements is not possible, at least not without editing the files directly. Editing files is problematic because if (when) there is an update to the theme, any manual modifications are overwritten by the update. I’ve already experienced that with the default.

Oh well… live and learn! It’s possible that many of the free themes available will limit my ability to monetize, which I guess makes sense.

HP Computer: Windows 10 Won’t Boot

Image by Rusty Gouveia from Pixabay

The morning after Cinco de Mayo in Tucson Arizona can be haunted by a hangover due to the excessive revelry the day before, but this Seis de Mayo had its own kind of headache.

“Honey, my computer won’t turn on.”

Oh boy!

Okay – the symptom on our 6-month-old HP, Windows 10 Pro computer is, we get the HP logo and spinning guy, then nothing. I tried safe mode (F8), nothing. I checked the BIOS (F10) – seemed to be fine. I even unplugged the USB printer, nothing.

What the heck? Review: the computer is working properly, but once it tries to access the hard drive where Windows resides, it fails. Bummer!

So I began to download a Windows boot disk onto a USB thumb drive so I could bypass the hard drive and attempt to resuscitate this computer from another source. While it was downloading and configuring (4+ gigabytes of system data), I decided to “wiggle the wires.”

Wiggle the wires? With the computer turned off, I removed the side panel of the CPU case and simply wiggled the wire bundle where it attaches to the hard drive, and where it attaches to the motherboard, turned it on and everything was hunky-dory.

I know this is a short solution to what felt like a big problem, but sometimes you just have to consider the potential for mechanical/electrical failure. Like hitting the top of a TV to fix reception in the old days, a little wiggle-wiggle-wiggle of the wires did the trick.

This did bring up an important flaw in our IT management. We both upgraded our computers this past year. We have been running both our originals side by side (with remote desktop) to help the migration process, but I never set up a recovery plan. Sure, I have a data backup plan in place, but not a whole system recovery plan. That’s about to change.

This week, whilst I finish up on a few videos, create three new websites, start my exercise program and film some new videos, I will also be updating our information systems recovery and backup policy and procedure. (ISRABPP?) Now, where did I put those 5 extra hours per day, and 3 extra days of the week?

This is a good place to mention the creation of a new section of our personal blog/channel. I will call it “FranTech,” and it will be a place I share my experience relating to technology of all sorts. From simple computer problems to setting up entire websites, home networks, and even hard learned software tips, tricks, and techniques, I will share what I can, as often as I can.

So be on the lookout for what could be considered, boring, but useful to some, postings.

Video ¿Hobby?

For the past year or so, I have been studying video production. I guess I have always had an interest in video, but never really nurtured the desire. I made a wedding video for some dear friends years ago, as well as some fun videos using Microsoft Windows Movie Maker (c2000).

As a magazine publisher, web developer and all ’round creative guy, I have the Adobe Creative Cloud software subscription which includes many creative programs for one low monthly price. I already use PhotoShop, InDesign, Bridge, and Illustrator on a regular basis, but this creative cloud comes with high powered video production software, PremierePro, professional audio software, Audition, and even a great motion graphics program called AfterEffects. The learning curve has been steep — to say the least — but with a little help from YouTube and a lot of practice, I’ve been able to create a few ‘fair’ videos.

From “hobby” to “passion” to “professional.”

Since I’m still a magazine publisher — albeit digital now — I’ve decided to make videos for the magazine. It will help the publication as well as allow me to nurture my videographer skillset. From virtual reality 360° videos and short videos about local area attractions, I will be able to produce content that will attract readers, sponsors, and revenue. I will also be producing regular cooking videos on another channel as well. I’m excited — but this little hobby of mine ain’t cheap.

I’ll get into the equipment and software I use someday, but as a budding video creator, I’ve made the intentional decision to keep things as affordable as possible. I did upgrade my PC, it was time, which was significant. I found that gaming PC’s have the processor speeds as well as the video cards to support editing, rendering and publishing motion video. Of course, I have my eyes on new and bigger computers (>$10,000), but for now, I have what I need.

ALSO… besides the computer, I need camera/s. I’ve invested in a great GoPro Fusion for the 360° camera and also a new Canon PowerShot, but I’ve decided to use my cell phone (with a gimbal) instead of investing in a great DSLR — for now.

Since I needed the computer for the magazine website, I don’t count that as part of my video hobby expenditure. I have purchased a sound recorder, an action camera (cheap GoPro), the 360° GoPro (ouch), the PowerShot, a gimbal, some accessories and that will do me for now. I have decided not to invest any more significant money* until I publish several quality videos and know this is something that can hold my attention.

*Significant money = $5,000 per camera X 3 studio cameras, plus professional lighting, sound, mixing, computing, storage etc. Budget, $30,000 to $130,000.

Even as I write this, I am rendering dozens of 360° videos (63) from the first day of filming at the Sonoran Desert Museum, as well as 83 photos and 26 1080p videos. That project will include a 360 video as well as a HD video about one of Tucson’s most popular attractions. We are scheduled to return tomorrow to finish up a few more locations as well as a few hours of “b-roll” (filler video) and sound capture work.

I’m not sure where I will be journalling my video making exploits, but I plan to do it somewhere… if I do, I’ll post a link here.

Pink Moon Video

Copyright 2019, David Francis

We confirmed it, the April full moon is NOT pink! (Or is it?) But it was quite a sight just the same. Apparently, according to the vast greatness of the internet, the April full moon is called a “Pink Moon,” not due to its color, but due to folklore – a reference to moss pink, or wild ground phlox, whose pinkish flowers are amongst the first to bloom in spring in the east. Spiritually, the Pink Moon signifies rebirth and renewal — just like Spring as it’s the season of rebirth and renewal. Happy pink spring my friends. #WaitForTheEnd

First: WordPress Security

One of the reasons I have shied away from WordPress is the fact it is “open source” and widely used. In my opinion (based on 24+ years in the web making business), open source is the first issue because the WordPress code is open and available to the public — including open to those with less than reputable motives. For some reason, there are people who want to break the code and attack websites for no other reason than “they can.” Others will (do) attack websites to steal information, infect visitors or even redirect readers to other websites for nefarious reasons.

To me, another security risk factor is that WordPress is — by far — the most used blogging/web-publishing platform on the internet today. The fact that so many websites use the open source coding is a huge motivator to those who seek to do harm. By cracking one program, a “hacker” can affect millions of unprotected websites around the world, which is/was kind of a deal breaker for me.

When I decided that I was going to use WordPress for my websites, I also decided that I would do everything I could to make it as secure as possible. I know I’ll never underestimate the brilliance of the dedicated coder — but I can do what I can to keep my site safe from the hack-bots and creepy crawlers of the world-wide-web.

I am hosting my own WordPress files, code, and database. For MOST users who use a service like WordPress.com, GoDaddy, or other hosted services, the security is built in at the host level and most of my concerns are addressed. Folks who use hosting services should look into methods of backing up all files including photos and other media and even the database, which I will get into later. For me, I’ll be keeping a local (on my own computer) version of all files, folders, and database at all times. This way, if my hosting service should wake up dead one morning (which has happened to me twice), I can easily deploy everything on a new server in a few hours.

After I installed WordPress and the associated database, I immediately changed all my passwords to ones that are difficult to figure out, using a combination of capital letters, numbers and special characters. I allowed my browser to remember these passwords on my computer since it too is password protected.

After I configured my email to work properly, I tested the site by logging onto it online (no errors) and posted my first test post (no errors). I went back into the WordPress settings and checked “auto update.” This is very important!

Up To Date WordPress & Plugins

The most common hacks or injections on WordPress happen because of outdated software, themes or plugins. Your trusted software developers are constantly updating the software to keep it safe and counteract the efforts of would-be hackers. You should always keep everything up to date and current. The latest version of WordPress is always available on the main website at http://wordpress.org and your plugin developers should have the same. WordPress is set to auto update by default. You can check the status by logging onto your dashboard and clicking the update tab on the left ({yoursite}/wp-admin/update-core.php).

Strong Password

The next most common way hackers find their way into your website is by figuring out your password. They have little programs that run through thousands of possibilities to attempt to gain access to your beloved files. A strong password is an important aspect of securing your application from would-be wrongdoers. A strong password is not only necessary to protect your blog content, but it also prevents hackers from installing malicious code and scripts that can potentially compromise the entire server.

Things to avoid when choosing a password:
    Any permutation of your own real name, username, company name, or name of your website.
    A word from a dictionary, in any language.
    A short password.
    Any numeric-only or alphabetic-only password (a mixture of both is best).

As I said, I prefer passwords that are difficult to figure out, using a combination of capital letters, numbers and special characters.

File and Folder Permissions

IF there is no need to install any plugins, no need to use the theme editor, nor install any WordPress updates, the ONLY folder that requires write permissions is the /wp-content/uploads/ folder (for images/media). Everything else should have read access only.

If you want/need to allow plugin install/updates, you need to allow write permissions to the /wp-content/plugins/ folder.

If you want/need to allow the use of the theme editor — including theme updates — then you also have to allow write permissions on the /wp-content/themes/ folder. Note: If you only edit/add themes and plugins rarely, it is good practice to remove the write permissions once you are finished making your changes.

All said, if you want to allow that “auto-update” feature of WordPress to keep everything up to date at all times, you will need to give read/write permissions on the root folder. This is the least secure option but also the most common way to install it — mostly for convenience. Alternatively, you can edit the permissions for all of the above back to read only (except the uploads folder) if you wish to achieve the highest level of security possible.

All said: The above applies to outside attacks – if your password is compromised, then none of the efforts above will make any difference at all.

Note: I will be working on a schema using Adobe Dreamweaver to modify my installation and only upload the modified files, eliminating the need to continually modify folder permissions on the live server. More to come on that — link when it’s complete.
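
The permission policy above can be checked with a short script. This is an added example, not part of the original post: it lists every file or folder that is writable by group or others and is not under an allowed folder (default: wp-content/uploads only). It assumes shell access to the server and that the files are owned by the account that deploys them while the web server runs as a different user; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not the author's code). Function names are hypothetical.
# Assumption: the deploy account owns the files and the web server runs as
# another user, so the group/other write bits are the ones that matter.

# audit_wp_perms ROOT [ALLOWED_DIR ...]
# Prints paths (relative to ROOT) that are group- or world-writable and do
# not sit under one of the ALLOWED_DIRs. With no ALLOWED_DIR given, only
# wp-content/uploads may be writable, as in the strictest setup above.
audit_wp_perms() {
    root=${1%/}; shift
    [ "$#" -gt 0 ] || set -- wp-content/uploads
    find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
    while IFS= read -r path; do
        rel=${path#"$root"}; rel=${rel#/}
        ok=no
        for allowed in "$@"; do
            case "$rel" in
                "$allowed"|"$allowed"/*) ok=yes ;;
            esac
        done
        [ "$ok" = yes ] || printf '%s\n' "${rel:-.}"
    done | sort
}

# lock_wp_dir ROOT DIR
# Removes group/other write access again once a plugin or theme change is done.
lock_wp_dir() {
    chmod -R go-w "${1%/}/$2"
}

# Usage: sh audit.sh /path/to/wordpress [allowed-dir ...]
# Example for a site that also allows plugin updates:
#   sh audit.sh /path/to/wordpress wp-content/uploads wp-content/plugins
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$@"
fi
```

An empty result means nothing outside the allowed folders is writable by anyone but the owner.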

Hide the wp-config.php file

This is a hacker magnet, a file that holds a lot of very sensitive information about the installation of WordPress on your server. Up to and including your database password (YIPES). I found a great article about how to move this to another location for safe keeping… “Harden WordPress Security By Moving wp-config.php to a Non-public Folder” By Jack Busch

Disable File Editing

Speaking of the wp-config.php file, you are able to use this file (now in a top secret location) to prevent people from editing the pages in your folder/website. See, the WordPress dashboard allows administrators to edit PHP files directly from the dashboard and this is often a tool an attacker will use should they gain access to your login (not possible because you have an incredibly strong password). This gets a little tricky but all you have to do is edit the wp-config.php by adding this line, which is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define('DISALLOW_FILE_EDIT', true);

This will not prevent an attacker from uploading malicious files to your site but might stop some attacks.

Delete the default “admin” account

When your WordPress website is created, by default, the first account created is the admin account (which has FULL access to all settings).

On a brand new install, you can simply create a new Administrative account and delete the one created by default.

On an existing WordPress installation, you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = 'newuser' WHERE user_login = 'admin'; or by using a MySQL frontend like phpMyAdmin.

Change the table_prefix

Since every installation of WordPress is exactly the same, intruders know what the table names are in your database. They all have a prefix of “wp_” by default. By changing the prefix of the tables, you are making it much more difficult for attackers to exploit some SQL injection attacks. It is best to do this during the initial installation.

Backup everything regularly!

Backup your entire website, including the folder structure using your favorite FTP program. You also want to keep a complete backup of your database. In high-value situations, especially with many contributors, you’re going to want to backup very often, once or more per day. For the casual blogger, once a month should be fine but the more often the better.

Keep your backups organized. For example, if you are backing up every day, create a folder with the structure…

/wp-backups/
    /2019-04-20/
    /2019-04-21/
    /2019-04-22/
    /2019-04-23/

This way you will always know what the latest backup is and make it easier to clean up the folder periodically.

That said, if you are administering a large WordPress website, you should look into automating the backup process for both the FTP and database elements of your site.
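
One way to automate the dated-folder scheme above, as an added example that is not part of the original post. It assumes shell access to the server (or a local copy of the site), GNU-style tar and sha256sum, and, for the optional database step, that mysqldump can read its credentials from the account's own MySQL client configuration; WP_DB, KEEP and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not the author's code). Names such as WP_DB and KEEP are
# hypothetical. The archive contains wp-config.php, which holds the database
# password, so everything is created with owner-only permissions.

# backup_wp SITE_DIR BACKUP_ROOT [YYYY-MM-DD]  -> prints the folder written
backup_wp() (
    umask 077
    site=${1%/}
    dest="${2%/}/${3:-$(date +%Y-%m-%d)}"
    mkdir -p "$dest" || exit 1
    tar -czf "$dest/files.tar.gz" -C "$site" . || exit 1
    if [ -n "${WP_DB:-}" ]; then            # database dump is optional
        mysqldump --single-transaction "$WP_DB" > "$dest/db.sql" || exit 1
        gzip -f "$dest/db.sql" || exit 1
    fi
    cd "$dest" && sha256sum ./*.gz > SHA256SUMS || exit 1
    printf '%s\n' "$dest"
)

# verify_backup DIR: checksums must match and the archive must be readable
verify_backup() (
    cd "$1" || exit 1
    sha256sum -c SHA256SUMS >/dev/null 2>&1 || exit 1
    tar -tzf files.tar.gz >/dev/null 2>&1
)

# Dated names sort alphabetically in date order, so plain sort is enough.
list_backups() {
    ls -1 "${1%/}" | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' | sort
}

latest_backup() {
    list_backups "$1" | tail -n 1
}

# prune_backups BACKUP_ROOT KEEP: delete all but the newest KEEP dated
# folders; anything not named YYYY-MM-DD is left alone.
prune_backups() {
    list_backups "$1" | sort -r | tail -n +"$(( $2 + 1 ))" |
    while IFS= read -r day; do
        rm -rf "${1%/}/$day"
    done
}

# Usage (e.g. from cron): WP_DB=mydb sh backup.sh /path/to/wordpress /wp-backups
if [ "$#" -ge 2 ]; then
    dir=$(backup_wp "$1" "$2") && verify_backup "$dir" &&
        prune_backups "$2" "${KEEP:-30}"
fi
```

Copy the dated folders off the server as well; a backup that lives only on the host it protects disappears along with that host.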

Be wary of Phishing expeditions…

Since everyone knows you’re using WordPress, and most installations are exactly the same, it’s very easy for a bad actor to compose an email that looks like it legitimately came from your own website. Be wary of urgent messages, especially with links from “your server.” When in doubt, don’t click on anything in the email; go directly to your dashboard and check everything out on your own. It may be confusing because there’s nothing wrong, but of course there’s not: the email likely came from another country, completely unrelated to your installation of WordPress.

Conclusion

The time to think about security is at the beginning, but also in the middle and end. Setting a great security foundation from which to build your creative outlet will pay off in the long run. Protect yourself, your server, and even your readers and subscribers by instituting a tangible website protection policy from the moment it is deployed.