Let's Encrypt SSL certificates on cPanel hosted sites

SSL is one of the most important technologies in use on the modern web. It enables all kinds of business, collaboration, commerce, activism and communication to happen securely, and the Internet couldn't thrive without it.  Yet for the average person, alongside domain name registration and management, obtaining and renewing SSL certificates has always been one of the least accessible and convenient parts of having a website.

So I was particularly proud when a year ago my employer Automattic became a sponsor of the Let's Encrypt initiative and even more proud earlier this month when we rolled out free SSL for all domains hosted on WordPress.com, using Let's Encrypt certificates. All of the sudden a huge portion of the world's websites were using SSL to make sure communications between site owners and users are encrypted and secure - amazing!

Let's Encrypt is itself pretty amazing. A bunch of industry experts got together and decided it was time to make the process of obtaining SSL certificates free, automatic, secure, transparent, open and cooperative. This is a long way from what it looked like in the late 1990s, when just a few "certificate authority" options existed, you could expect to pay $100 or more for a certificate, and the application process was painfully slow and analog (think faxing your corporate articles of organization and a photocopy of your driver's license to a call center somewhere), and that's all before you had to mess around with recompiling or reconfiguring Apache to use SSL on your site(s). Even with Let's Encrypt and other modern options some of the concepts and steps remain too technical for many site owners to tackle, but it's getting better all the time.

I'm used to paying around $10/year for SSL certificates on a few of my personal sites, and I actually haven't minded that price point given that the rest of the process has been pretty easy for me to manage. But I recently decided to try using a Let's Encrypt SSL certificate on a site that didn't have one yet, and I'm sharing the steps involved here.

Continue reading Let's Encrypt SSL certificates on cPanel hosted sites

Theme dev with Bones, Sass, Vagrant and PhpStorm

I recently played around with building a new WordPress theme from the ground up, and I'm sharing some notes here about what I learned along the way.

It had been a while since I'd created a WordPress theme from nothing, and I knew that best practices had shifted quite a bit since then. I also wanted to use a more modern development workflow than I'd previously been used to. In my daily work I get to help our clients test, refactor, optimize and launch their WordPress themes (and I enjoy that quite a bit), but sometimes I just want to tinker for a personal project.

I also had an itch to scratch with 47374.info, a site I'd created in 2011 to aggregate local news headlines into a single, simple list display. It uses the great FeedWordPress plugin (along with some custom Perl scripts I wrote to scrape news off of local sites that embarrassingly don't offer their own RSS feeds) and does its job just fine, but it wasn't responsive, the mobile theme wasn't working so well for this use case, and there were more and more parts of the original theme I'd used that needed cleaning up. I also wanted to create something that looked and worked a little bit more like the Hacker News front page (without voting or comments). I am my own primary target user here; the site in question tends to get 40-60 visitors per day (I hope you're enjoying it, whoever you are), but I know I use it every single day.

I didn't quite have the time to start with a totally blank slate, so I started looking at some of the starter themes out there: Underscores, Components, Minimum Viable VIP, and Bones were the main ones I considered. These starter themes include all of the basic requirements of a WordPress theme so you don't have to literally create each new file (like single.php and style.css from scratch). Each option then offers its own unique flavor to what a starter theme should have. For example, the Minimum Viable VIP theme is designed to have everything a developer on the WordPress.com VIP platform would need to implement basic functionality while also meeting code security and performance standards on our platform.

In my case, mobile-first and responsive was a top goal, and while Components has some great options there, Bones seemed to take care of what I wanted with a little less extra stuff thrown in. (Some day I will learn to write media queries from scratch, not this time around.)

So I downloaded Bones, opened it up, and started poking around. And that's when I encountered this:

Continue reading Theme dev with Bones, Sass, Vagrant and PhpStorm

Visioning questions for web development

This post is a list of all the questions that I and my team would try to get our clients to answer (in some form or another) during our early conversations about a website development project at Summersault. I'm dumping them out here in case they might be useful to others.

Every project is different, but if you're planning a new website and/or are considering hiring someone else to help you with that work, you'll probably give everyone a head start by having these questions answered:

Continue reading Visioning questions for web development

Interpretations of "mobile-friendly"

This post is a revised version of a post that previously appeared on the Summersault blog, now edited to be more generally useful.

If you've read any kind of article on website development or related topics from the last few years, it almost certainly told you that making your website "mobile-friendly" is critical to its success.  Everyone wants their new website to look great and work great, and they want to make sure it's mobile-friendly too.

It's a great goal, but it can also be a confusing one.

Making a website "mobile-friendly" can mean a lot of different things depending on the type of site and the end result you're looking for.  Most new websites created these days now have some minimum level of compatibility with mobile devices, but when discussing mobile-friendliness as an interest or when you need to use mobile components to achieve a particular business/organizational goal, there are some details to talk about.

Here are a couple of different interpretations of the phrase "mobile-friendly" when it comes to website development:

Continue reading Interpretations of "mobile-friendly"

On the healthcare.gov rollout failures

Low DangerThere's already been much armchair quarterbacking of the botched rollout of healthcare.gov, so I doubt I have much new to add to the mix.  But as someone who's led or programmed the creation of web tools for much of my professional life, I can't help but share a few observations:

First, I must give thanks that whatever times in my work I thought I've had a client who was difficult to work with or a painful "design by committee" situation that was getting out of hand, at least I've never been hauled before a Congressional Oversight Committee to answer questions from bureaucrats about the intricate details of website development. NIGHTMARE. However badly they may have messed up, I still feel a little bit sorry for the people who now have to go through that grilling.

Continue reading On the healthcare.gov rollout failures

Live Chat Room for Richmond, Again

IMG_2256.JPGI'm trying out a concept for a new local website, live-richmond.com, and I want to get your feedback.

The main point is pretty simple: provide a real-time discussion room for Richmond/Wayne County citizens to talk about the issues of the day, chit-chat, and whatever else seems useful, any time, day or night. The way it's set up now, a "robot" will periodically insert a headline, weather report, event, etc. from local sources into the room for those joined in to talk about. Users can carry on private chats with each other if they choose. Real names are encouraged, relative anonymity is certainly possible.
Continue reading Live Chat Room for Richmond, Again