I Canceled AT&T DirecTV

So I decided to cancel DirecTV after at least 15 years because the service had become a financial burden, their equipment stunk – especially the remotes – and I grew tired of having to scroll through so many shopping channels.

Cost: Channels alone was $110.48 which included a “regional sports fee.” Then the equipment with the protection plan was another $50.99. With $1.22 sales tax, my LAST bill was $162.69

UPDATE: I failed to mention how easy it was to cancel. I had read a number of horrific experiences that people had with the “retention department.” So I had a plan, I would simply say that we were canceling for religious reasons. I called the number, and the nice AT&T dude took care of the cancelation quickly, politely and never even asked why I was canceling. Less than 10 minutes in total. I dreaded that call for weeks and all for nothing.

I don’t watch much more than sports, food channels and some sci-fi shows. I vowed off the news years ago and my life is much more peaceful.

I spent the last 3 or 4 months reviewing my options from cable to streaming services and I chose YouTube TV. They have the best selection of channels and include Fox Sports AZ (and San Diego), ESPN, MLB, among others. We are huge fans of Diamondbacks baseball and FSAZ airs all of their games. WOOT! 

In Tucson, YouTube TV includes all of our local network stations. It also includes all of the major cable news channels.

All this for only $53.04.

I was a little concerned about our internet service because it tops out at 20mps – and after I get the TV upstairs hooked up, I may have to upgrade my DSL – but when I do, it will be cheaper and faster.

Sure, I had to give up a few things, and the resolution doesn’t seem as HD as before, but for +$1,200.00 per year in savings… I think I’ll live.

WordPress user, admin, and host

Since it appears that I am becoming a WordPress user, admin, and host, I am trying to establish a workflow for starting a new WordPress site on my servers. There are features/plugins that all sites should have.

They are

A Theme
Whether it be free or paid for, all WordPress sites require a theme to present the content. For this site (more personal than anything), I have chosen a paid-for theme called “ContentBerg” which utilizes the Guttenberg features. It has many of the tools cooked into the theme so I don’t have to add those features individually. There is a bit of a learning curve to each theme, it just takes time and practice to get to know the ins and outs of each theme.

All web publishers want to know how famous they are. A good web publisher wants to know a lot more such as where traffic is coming from, what pages are most/least popular, and even demographics, user platforms and more. I will be utilizing the tried and true Google Analytics for my sites.

All (okay most) web publishers would like to be famous, but everyone I know, want to make money from their efforts. With a starting blog like this one, the easiest way to generate revenue is to use an existing Google Adsense account. As the site grows, I can add affiliate links and direct-sold ads, but for now, especially for this site, I am not anticipating a large amount of traffic and so… not much revenue.

Back up and recovery plan
In the past (since 1995), I have always published locally and then transferred the articles and files manually to the online server. This has been my way of protecting myself from hackers (yes, I’ve had sites hacked through shared hosting issues) and also from the sudden disappearance of a hosting company (yes, I’ve had that happen twice over the last 20+ years).

With WordPress websites, there is the added complexity of the relational database which is near impossible to host locally and mirror live. I’m sure there are ways to do this but it is not my intent to create a handshake schema between local and live content. I will copy all files to a backup location and will back up the database at set intervals just in case of the worst.

I have yet to develop and establish my disaster protection and recovery plan for WordPress websites, but suffice to say that the files and database/s will be stored locally on a schedule and a written recovery checklist will be printed.

(Future link to disaster protection and recovery plan for WordPress websites here.)

More to come… I have to get the August issue finished now.

FranTech Section

I have added a section of my personal blog called “FranTech.” It’s basically my name, Francis and the word technical. It also has a playful connotation as frantic which is how I develop websites, magazines, videos, etc., so it’s appropriate.

The idea is to have a section devoted to techno-babble related posts and videos that may be of use to people interested in that sort of stuff. I will likely have subcategories to this section such as video editing, HTML, CSS, website hosting and much much more.

ColorMag “free” WordPress Theme a NO GO

ColorMag free theme by ThemeGrill screen shot

I’ve spent a few hours today (Sunday, May 26, 2019) installing and configuring the free ColorMag WordPress theme only to discover that I cannot add a top banner AdSense block to monetize the site.

I liked everything I saw about the theme, especially the categories since I hope to diversify this site in many ways. But my brief experience with the theme reveals that any effort to place advertisements is not possible, at least not without editing the files directly. Editing files is problematic because if (when) there is an update to the theme, any manual modifications are overwritten by the update. I’ve already experienced that with the default.

Oh well… live and learn! It’s possible that many of the free themes available will limit my ability to monetize, which I guess makes sense.

HP Computer: Windows 10 Won’t Boot

Image by Rusty Gouveia from Pixabay

The morning after Cinco de Mayo in Tucson Arizona can be haunted by a hangover due to the excessive revelry the day before, but this Seis de Mayo had its own kind of headache.

“Honey, my computer won’t turn on.”

Oh boy!

Okay – the symptom on our 6-month-old HP, Windows 10 Pro computer is, we get the HP logo and spinning guy, then nothing. I tried safe mode (F8), nothing. I checked the BIOS (F10) – seemed to be fine. I even unplugged the USB printer, nothing.

What the heck? Review; the computer is working properly, but once it tried to access the hard drive where Windows resides, it fails. Bummer!

So I began to download a Windows boot disk onto and USB thumb drive so I could bypass the hard drive and attempt to resuscitate this computer from another source. While it was downloading and configuring, (4+ gigabytes of system data), I decided to “wiggle the wires.”

Wiggle the wires? With the computer turned off, I removed the side panel of the CPU case and simply wiggled the wire bundle where it attaches to the hard drive, and where it attaches to the motherboard, turned it on and everything was hunky-dory.

I know this is a short solution to what felt like a big problem, but sometimes you just have to consider the potential for mechanical/electrical failure. Like hitting the top of a TV to fix reception in the old days, a little wiggle-wiggle-wiggle of the wires did the trick.

This did bring up an important flaw in our IT management. We both upgraded our computers this past year. We have been running both our originals side by side (with remote desktop) to help the migration process, but I never set up a recovery plan. Sure, I have a data backup plan in place, but not a whole system recovery plan. That’s about to change.

This week, whilst I finish up on a few videos, create three new websites, start my exercise program and film some new videos, I will also be updating our information systems recovery and backup policy and procedure. (ISRABPP?) Now, where did I put those 5 extra hours per day, and 3 extra days of the week?

This is a good place to mention the creation of a new section of our personal blog/channel. I will call it “FranTech,” and it will be a place I share my experience relating to technology of all sorts. From simple computer problems to setting up entire websites, home networks, and even hard learned software tips, tricks, and techniques, I will share what I can, as often as I can.

So be on the lookout for what could be considered, boring, but useful to some, postings.

First: WordPress Security

One of the reasons I have shied away from WordPress is the fact it is “open source” and widely used. In my opinion (based on 24+ years in the web making business), open source is the first issue because the WordPress code is open and available to the public — including open to those with less than reputable motives. For some reason, there are people who want to break the code and attack websites for no other reason than “they can.” Others will (do) attack websites to steal information, infect visitors or even redirect readers to other websites for nefarious reasons.

To me, another security risk factor is that WordPress is — by far — the most used blogging/web-publishing platform on the internet today. The fact that so many websites use the open source coding is a huge motivator to those who seek to do harm. By cracking one program, a “hacker” can affect millions of unprotected websites around the world, which is/was kind of a deal breaker for me.

When I decided that I was going to use WordPress for my websites, I also decided that I would do everything I could to make it as secure as possible. I know I’ll never underestimate the brilliance of the dedicated coder — but I can do what I can to keep my site safe from the hack-bots and creepy crawlers of the world-wide-web.

I am hosting my own WordPress files, code, and database. For MOST users who use a service like WordPress.com, GoDaddy, or other hosted services, the security is built in at the host level and most of my concerns are addressed. Folks who use hosting services should look into methods of backing up all files including photos and other media and even the database, which I will get into later. For me, I’ll be keeping a local (on my own computer) version of all files, folders, and database at all times. This way, if my hosting service should wake up dead one morning (which has happened to me twice), I can easily deploy everything on a new server in a few hours.

After I installed WordPress and the associated database, I immediately changed all my passwords to ones that are difficult to figure out, using a combination of capital letters, numbers and special characters. I allowed my browser to remember these passwords on my computer since it too is password protected.

After I configured my email to work properly, I tested the site by logging onto it online (no errors) and posted my first test post (no errors). I went back into the WordPress settings and checked “auto update.” This is very important!

Up To Date WordPress & Plugins

The most common hacks or injections on WordPress happen because of outdated software, themes or plugins. Your trusted software developers are constantly updating the software to keep it safe and counteract the efforts of would-be hackers. You should always keep everything up to date and current. The latest version of WordPress is always available on the main website at http://wordpress.org and your plugin developers should have the same. WordPress is set to auto update by default. You can check the status by logging onto your dashboard and clicking the update tab on the left ({yoursite}/wp-admin/update-core.php).

Strong Password

The next most common way hackers find their way into your website is by figuring out your password. They have little programs that run through thousands of possibilities to attempt to gain access to your beloved files. A strong password in an important aspect of securing your application from would-be wrongdoers. A strong password is not only necessary to protect your blog content, but it also prevents hackers from installing malicious code and scripts that can potentially compromise the entire server.

Things to avoid when choosing a password.
   Any permutation of your own real name, username, company name, or name of your website.
    A word from a dictionary, in any language.
    A short password.
    Any numeric-only or alphabetic-only password (a mixture of both is best). 

As I said, I prefer passwords that are difficult to figure out, using a combination of capital letters, numbers and special characters.

File and Folder Permissions

IF there is no need to install any plugins, no need to use the theme editor, nor install any WordPress updates, the ONLY folder that required write permissions is the /wp-content/uploads/ folder (for images/media). Everything else should have read access only.

If you want/need to allow plugin install/updates, you need to allow write permissions to the /wp-content/plugins/ folder.

If you want/need to allow the use of the theme editor — including theme updates — then you also have to allow write permissions on the /wp-content/themes/ folder. Note: If you only edit/add themes and plugins rarely, it is good practice to remove the write edit permissions once you are finished making your changes.

All said; if you want to allow that “auto-update” feature of WordPress to keep everything up to date at all times, you will need to give read/write permissions on the root folder. This is the least secure option but also the most common way to install it — mostly for convenience. Alternatively, you can edit the permissions for all of the above back to write only (except the uploads folder) if you wish to achieve the highest level of security possible.

All said: The above applies to outside attacks – if your password is compromised, then none of the efforts above will make any difference at all.

Note: I will be working on a schema using Adobe Dreamweaver to modify my installation and only upload the modified files, eliminating the need to continually modify folder permission on the live server. More to come on that — link when it’s complete.

Hide the wp-config.php file

This is a hacker magnet, a file that holds a lot of very sensitive information about the installation of WordPress on your server. Up to and including your database password (YIPES). I found a great article about how to move this to another location for safe keeping… “Harden WordPress Security By Moving wp-config.php to a Non-public Folder” By Jack Busch

Disable File Editing

Speaking of the wp-config.php file, you are able to use this file (now in a top secret location) to prevent people from editing the pages in your folder/website. See, the WordPress dashboard allows administrators to edit PHP files directly from the dashboard and this is often a tool an attacker will use should they gain access to your login (not possible because you have an incredibly strong password). This gets a little tricky but all you have to do is edit the wp-config.php by adding this line and is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define('DISALLOW_FILE_EDIT', true);

This will not prevent an attacker from uploading malicious files to your site but might stop some attacks.

Delete the default “admin” account

When your WordPress website is created, by default, the first account created is the admin account (which has FULL access to all settings).

On a brand new install, you can simply create a new Administrative account and delete the one created by default.

On an existing WordPress installation, you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = ‘newuser’ WHERE user_login = ‘admin’;,  — or by using a MySQL frontend like phpMyAdmin.

Change the table_prefix

Since every installation of WordPress is exactly the same, intruders know what the table names are in your database. They all have a prefix of “wp_” by default. By changing the prefix of the tables, you are making it much more difficult for attackers to exploit some SQL injection attacks. It is best to do this during the initial installation.

Backup everything regularly!

Backup your entire website, including the folder structure using your favorite FTP program. You also want to keep a complete backup of your database. In high-value situations, especially with many contributors, you’re going to want to backup very often, once or more per day. For the casual blogger, once a month should be fine but the more often the better.

Keep your backups organized. For example, if you are backing up every day, create a folder with the structure…


This way you will always know what the latest backup is and make it easier to clean up the folder periodically.

That said, if you are administering a large WordPress website, you should look into automating the backup process for both the FTP and database elements of your site.

Be wary of Phishing expeditions…

Since everyone knows you’re using WordPress, and most installations are exactly the same, it’s very easy for a bad actor to compose an email that looks like it legitimately came from your own website. Be wary of urgent messages, especially with links from “your server.” When in doubt, don’t click on anything on the email, go directly to your dashboard and check everything out on your own. It may be confusing because there’s nothing wrong, but of course there’s not, the email likely came from another country, completely unrelated to your installation of WordPress.


The time to think about security at the beginning, but also in the middle and end. Setting a great security foundation from which to build your creative outlet will pay off in the long run. Protect yourself, your server, and even your readers and subscribers by instituting a tangible website protection policy from the moment it is deployed.