Creating a private website with WordPress

When we became parents in 2015, Kelly and I talked about where and how we wanted to share the initial photos and stories of that experience with a small group of our family and friends. In case you haven't noticed, I feel pretty strongly about the principle of owning our digital homes. So I felt resistance to throwing everything up on Facebook in hopes that we'd always be able to make their evolving privacy and sharing settings and policies work for us, while also trusting that every single Facebook friend would honor our wishes about re-sharing that information.

I took some time to explore tools available for creating a private website that would be relatively easy for our users to access, relatively easy to maintain, and still limited in how accessible the content would be to the wider world. (I tend to assume that all information connected to the Internet will eventually become public, so I try to avoid ever thinking in terms of absolute privacy when it comes to websites of any kind.)

I thought about using WordPress.com, which offers the ability to quickly create a site that is private and viewable only by invited users while maintaining full ownership and control of the content. I passed on this idea in part because it didn't allow quite the level of feature customization that I wanted, and partly because it's a service of my employer, Automattic. While I fully trust my colleagues to be careful and sensitive to semi-private info stored there, it felt a little strange to think of creating something a bit vulnerable and intended for a small group of people within that context. I would still highly recommend the WordPress.com option for anyone looking for a simple, free/low-cost solution to get started.

Here are the WordPress tools I ended up using, with a few notes on my customizations:

Basic WordPress Configuration

For the basic WordPress installation and configuration, I made the following setup choices:

  • I put the site on a private, dedicated server so that I had control over the management and maintenance of the site software (as opposed to a shared server where my content, files or database may be accessible to others).
  • I used a Let's Encrypt SSL certificate and forced all traffic to the SSL version of the site, to ensure all communication and access would be encrypted.
  • I set up a child theme of a default WordPress theme so I could add a few customizations that would survive future parent theme updates.
  • I set "Membership" so that "Anyone can register" in the role of Subscriber (see more below on why this is okay).
  • For Search Engine Visibility I set "Discourage search engines from indexing this site".
  • For discussion I set "

Continue reading Creating a private website with WordPress

Using Todoist to organize all the things

For just over two years now I've been using Todoist as my primary to-do list manager and personal organizer software. I pay for the upgraded Premium version at US$28.99/year. I really like it and it's helped me stay on top of all the things I want to get done in my professional life, personal life, local community and beyond.

(Before Todoist, I'd been using Taskpaper and loved the simplicity of its interface and file storage. The software hit a period of being unmaintained and I really needed something up to date, so I switched. Taskpaper has since seen new life as a project, it's worth checking it out again too.)

The Todoist website linked above already showcases many of its features so I won't bother repeating those, but here are a few of the things I especially appreciate:

Continue reading Using Todoist to organize all the things

Preparing to have my wallet stolen

This post is from the "random life-hacks department."

I don't like worrying about losing my wallet. I don't really carry anything of great significance in it...little or no cash, some ID, and a few credit cards. But in the past I also knew that if I lost it or if it was stollen, I'd spend some anxious time trying to remember exactly what was in it, and then even more time searching around for the right phone number to call to get things canceled and replaced.

And it felt like there were more important things to worry about.

Ever since I started using 1Password, I don't worry about this as much any more.

Continue reading Preparing to have my wallet stolen

Theme dev with Bones, Sass, Vagrant and PhpStorm

I recently played around with building a new WordPress theme from the ground up, and I'm sharing some notes here about what I learned along the way.

It had been a while since I'd created a WordPress theme from nothing, and I knew that best practices had shifted quite a bit since then. I also wanted to use a more modern development workflow than I'd previously been used to. In my daily work I get to help our clients test, refactor, optimize and launch their WordPress themes (and I enjoy that quite a bit), but sometimes I just want to tinker for a personal project.

I also had an itch to scratch with 47374.info, a site I'd created in 2011 to aggregate local news headlines into a single, simple list display. It uses the great FeedWordPress plugin (along with some custom Perl scripts I wrote to scrape news off of local sites that embarrassingly don't offer their own RSS feeds) and does its job just fine, but it wasn't responsive, the mobile theme wasn't working so well for this use case, and there were more and more parts of the original theme I'd used that needed cleaning up. I also wanted to create something that looked and worked a little bit more like the Hacker News front page (without voting or comments). I am my own primary target user here; the site in question tends to get 40-60 visitors per day (I hope you're enjoying it, whoever you are), but I know I use it every single day.

I didn't quite have the time to start with a totally blank slate, so I started looking at some of the starter themes out there: Underscores, Components, Minimum Viable VIP, and Bones were the main ones I considered. These starter themes include all of the basic requirements of a WordPress theme so you don't have to literally create each new file (like single.php and style.css from scratch). Each option then offers its own unique flavor to what a starter theme should have. For example, the Minimum Viable VIP theme is designed to have everything a developer on the WordPress.com VIP platform would need to implement basic functionality while also meeting code security and performance standards on our platform.

In my case, mobile-first and responsive was a top goal, and while Components has some great options there, Bones seemed to take care of what I wanted with a little less extra stuff thrown in. (Some day I will learn to write media queries from scratch, not this time around.)

So I downloaded Bones, opened it up, and started poking around. And that's when I encountered this:

Continue reading Theme dev with Bones, Sass, Vagrant and PhpStorm

New plugin, Debug Bar Widgets

A few weeks ago I created a new, simple WordPress plugin, Debug Bar Widgets.

It adds a panel to Debug Bar that displays all of the widgets registered on a site, even if the widgets aren't active. There are probably simpler ways to get at the same info but I've found it useful in developing some of my other widget-centric plugins.

Pull requests welcome.

Cron rsync with encrypted SSH keys on OS X

There are many online resources about using SSH keys to achieve passwordless, cron-initiated tasks like rsyncing some files around. Most of these assume your SSH key is either not encrypted with a password, or that you're running the related command in an interactive session.

What I couldn't easily find recently was a way to make sure that a script initiated via cron on OS X 10.10 (Yosemite) and that uses an SSH key that is encrypted with a password would have access to that key as managed by the current login session's ssh-agent.

This problem manifested itself with the following kind of output from my rsync command - being used to back up some files from a remote server - when it was executed via cron:

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: unexplained error (code 255) at /SourceCache/rsync/rsync-45/rsync/io.c(453) [receiver=2.6.9]

If I ran the same command from the shell prompt it worked fine.

Continue reading Cron rsync with encrypted SSH keys on OS X