Video ¿Hobby?

For the past year or so, I have been studying video production. I guess I have always had an interest in video, but never really nurtured the desire. I made a wedding video for some dear friends years ago, as well as some fun videos using Microsoft Windows Movie Maker (c2000).

As a magazine publisher, web developer and all ’round creative guy, I have the Adobe Creative Cloud software subscription which includes many creative programs for one low monthly price. I already use PhotoShop, InDesign, Bridge, and Illustrator on a regular basis, but this creative cloud comes with high powered video production software, PremierePro, professional audio software, Audition, and even a great motion graphics program called AfterEffects. The learning curve has been steep — to say the least — but with a little help from YouTube and a lot of practice, I’ve been able to create a few ‘fair’ videos.

From “hobby” to “passion” to “professional.”

Since I’m still a magazine publisher — albeit digital now — I’ve decided to make videos for the magazine. It will help the publication as well as allow me to nurture my videographer skillset. From virtual reality 360° videos and short videos about local area attractions, I will be able to produce content that will attract readers, sponsors, and revenue. I will also be producing regular cooking videos on another channel as well. I’m excited — but this little hobby of mine ain’t cheap.

I’ll get into the equipment and software I use someday, but as a budding video creator, I’ve made the intentional decision to keep things as affordable as possible. I did upgrade my PC, it was time, which was significant. I found that gaming PC’s have the processor speeds as well as the video cards to support editing, rendering and publishing motion video. Of course, I have my eyes on new and bigger computers (>$10,000), but for now, I have what I need.

ALSO… besides the computer, I need camera/s. I’ve invested in a great GoPro Fusion for the 360° camera and also a new Canon PowerShot, but I’ve decided to use my cell phone (with a gimbal) instead of investing in a great DSLR — for now.

Since I needed the computer for the magazine website, I don’t count that as part of my video hobby expenditure. I have purchased a sound recorder, an action camera (cheap GoPro), the 360° GoPro (ouch), the PowerShot, a gimbal, some accessories and that will do me for now. I have decided not to invest any more significant money* until I publish several quality videos and know this is something that can hold my attention.

*Significant money = $5,000 per camera X 3 studio cameras, plus professional lighting, sound, mixing, computing, storage etc. Budget, $30,000 to $130,000.

Even as I write this, I am rendering dozens of 360° videos (63) from the first day of filming at the Sonoran Desert Museum, as well as 83 photos and 26 1080p videos. That project will include a 360 video as well as a HD video about one of Tucson’s most popular attractions. We are scheduled to return tomorrow to finish up a few more locations as well as a few hours of “b-roll” (filler video) and sound capture work.

I’m not sure where I will be journalling my video making exploits, but I plan to do it somewhere… if I do, I’ll post a link here.

Pink Moon Video

Copyright 2019, David Francis

We confirmed it, the April full moon is NOT pink! (Or is it?) But it was quite a sight just the same. Apparently, according to the vast greatness of the internet, the April full moon is called a “Pink Moon,” not due to its color, but due to folklore – a reference to moss pink, or wild ground phlox flowers whose pinkish flower are amongst the first to bloom in spring in the east. Spiritually, the Pink Moon signifies rebirth and renewal — just like Spring as it’s the season of rebirth and renewal. Happy pink spring my friends. #WaitForTheEnd

First: WordPress Security

One of the reasons I have shied away from WordPress is the fact it is “open source” and widely used. In my opinion (based on 24+ years in the web making business), open source is the first issue because the WordPress code is open and available to the public — including open to those with less than reputable motives. For some reason, there are people who want to break the code and attack websites for no other reason than “they can.” Others will (do) attack websites to steal information, infect visitors or even redirect readers to other websites for nefarious reasons.

To me, another security risk factor is that WordPress is — by far — the most used blogging/web-publishing platform on the internet today. The fact that so many websites use the open source coding is a huge motivator to those who seek to do harm. By cracking one program, a “hacker” can affect millions of unprotected websites around the world, which is/was kind of a deal breaker for me.

When I decided that I was going to use WordPress for my websites, I also decided that I would do everything I could to make it as secure as possible. I know I’ll never underestimate the brilliance of the dedicated coder — but I can do what I can to keep my site safe from the hack-bots and creepy crawlers of the world-wide-web.

I am hosting my own WordPress files, code, and database. For MOST users who use a service like, GoDaddy, or other hosted services, the security is built in at the host level and most of my concerns are addressed. Folks who use hosting services should look into methods of backing up all files including photos and other media and even the database, which I will get into later. For me, I’ll be keeping a local (on my own computer) version of all files, folders, and database at all times. This way, if my hosting service should wake up dead one morning (which has happened to me twice), I can easily deploy everything on a new server in a few hours.

After I installed WordPress and the associated database, I immediately changed all my passwords to ones that are difficult to figure out, using a combination of capital letters, numbers and special characters. I allowed my browser to remember these passwords on my computer since it too is password protected.

After I configured my email to work properly, I tested the site by logging onto it online (no errors) and posted my first test post (no errors). I went back into the WordPress settings and checked “auto update.” This is very important!

Up To Date WordPress & Plugins

The most common hacks or injections on WordPress happen because of outdated software, themes or plugins. Your trusted software developers are constantly updating the software to keep it safe and counteract the efforts of would-be hackers. You should always keep everything up to date and current. The latest version of WordPress is always available on the main website at and your plugin developers should have the same. WordPress is set to auto update by default. You can check the status by logging onto your dashboard and clicking the update tab on the left ({yoursite}/wp-admin/update-core.php).

Strong Password

The next most common way hackers find their way into your website is by figuring out your password. They have little programs that run through thousands of possibilities to attempt to gain access to your beloved files. A strong password in an important aspect of securing your application from would-be wrongdoers. A strong password is not only necessary to protect your blog content, but it also prevents hackers from installing malicious code and scripts that can potentially compromise the entire server.

Things to avoid when choosing a password.
   Any permutation of your own real name, username, company name, or name of your website.
    A word from a dictionary, in any language.
    A short password.
    Any numeric-only or alphabetic-only password (a mixture of both is best). 

As I said, I prefer passwords that are difficult to figure out, using a combination of capital letters, numbers and special characters.

File and Folder Permissions

IF there is no need to install any plugins, no need to use the theme editor, nor install any WordPress updates, the ONLY folder that required write permissions is the /wp-content/uploads/ folder (for images/media). Everything else should have read access only.

If you want/need to allow plugin install/updates, you need to allow write permissions to the /wp-content/plugins/ folder.

If you want/need to allow the use of the theme editor — including theme updates — then you also have to allow write permissions on the /wp-content/themes/ folder. Note: If you only edit/add themes and plugins rarely, it is good practice to remove the write edit permissions once you are finished making your changes.

All said; if you want to allow that “auto-update” feature of WordPress to keep everything up to date at all times, you will need to give read/write permissions on the root folder. This is the least secure option but also the most common way to install it — mostly for convenience. Alternatively, you can edit the permissions for all of the above back to write only (except the uploads folder) if you wish to achieve the highest level of security possible.

All said: The above applies to outside attacks – if your password is compromised, then none of the efforts above will make any difference at all.

Note: I will be working on a schema using Adobe Dreamweaver to modify my installation and only upload the modified files, eliminating the need to continually modify folder permission on the live server. More to come on that — link when it’s complete.

Hide the wp-config.php file

This is a hacker magnet, a file that holds a lot of very sensitive information about the installation of WordPress on your server. Up to and including your database password (YIPES). I found a great article about how to move this to another location for safe keeping… “Harden WordPress Security By Moving wp-config.php to a Non-public Folder” By Jack Busch

Disable File Editing

Speaking of the wp-config.php file, you are able to use this file (now in a top secret location) to prevent people from editing the pages in your folder/website. See, the WordPress dashboard allows administrators to edit PHP files directly from the dashboard and this is often a tool an attacker will use should they gain access to your login (not possible because you have an incredibly strong password). This gets a little tricky but all you have to do is edit the wp-config.php by adding this line and is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define('DISALLOW_FILE_EDIT', true);

This will not prevent an attacker from uploading malicious files to your site but might stop some attacks.

Delete the default “admin” account

When your WordPress website is created, by default, the first account created is the admin account (which has FULL access to all settings).

On a brand new install, you can simply create a new Administrative account and delete the one created by default.

On an existing WordPress installation, you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = ‘newuser’ WHERE user_login = ‘admin’;,  — or by using a MySQL frontend like phpMyAdmin.

Change the table_prefix

Since every installation of WordPress is exactly the same, intruders know what the table names are in your database. They all have a prefix of “wp_” by default. By changing the prefix of the tables, you are making it much more difficult for attackers to exploit some SQL injection attacks. It is best to do this during the initial installation.

Backup everything regularly!

Backup your entire website, including the folder structure using your favorite FTP program. You also want to keep a complete backup of your database. In high-value situations, especially with many contributors, you’re going to want to backup very often, once or more per day. For the casual blogger, once a month should be fine but the more often the better.

Keep your backups organized. For example, if you are backing up every day, create a folder with the structure…


This way you will always know what the latest backup is and make it easier to clean up the folder periodically.

That said, if you are administering a large WordPress website, you should look into automating the backup process for both the FTP and database elements of your site.

Be wary of Phishing expeditions…

Since everyone knows you’re using WordPress, and most installations are exactly the same, it’s very easy for a bad actor to compose an email that looks like it legitimately came from your own website. Be wary of urgent messages, especially with links from “your server.” When in doubt, don’t click on anything on the email, go directly to your dashboard and check everything out on your own. It may be confusing because there’s nothing wrong, but of course there’s not, the email likely came from another country, completely unrelated to your installation of WordPress.


The time to think about security at the beginning, but also in the middle and end. Setting a great security foundation from which to build your creative outlet will pay off in the long run. Protect yourself, your server, and even your readers and subscribers by instituting a tangible website protection policy from the moment it is deployed.

Here is ANOTHER blog setup!

I’ve been “blogging” since the 1990s and have used everything from hand-posted blogs to, blogger, WordPress and all points in between. I stopped blogging for the past few years as life has been a little topsy-turvy.

For the past year, I have been studying to get back into blogging — sharing my experiences and ideas with the people who care to read. After coding my own blog and looking at available resources, I’ve decided that WordPress is the way to go.

At first, I considered a package — heck, I even recommended it to a friend last week — but since I have a huge hosting foundation, I decided that I would install and maintain my own deployment of WordPress.

Why WordPress?
I chose WordPress because it is, by far, the most popular, robust and extended blogging/sharing platform available today. I’ve avoided it in the past due to security concerns and the fact I really never learned PHP (coding language). I have “grown out of” the need to hand code everything myself and am more interested in a convenient and flexible platform from which I can share my thoughts, skills, and experience.

This site,, will simply be a place I use to test, edit and experiment for the SEVERAL other blogs I have coming soon. I will establish a protocol and checklist for standardization, upload, backups, and script testing. This site — if made public — will be nothing more than a testing platform that I intend to break and fix over and over again. I plan to have more refined technical postings on a sub-blog on another website.