WordPress is the perfect blog platform to complement The Next Generation of Genealogy Sitebuilding © (TNG) software. For genealogy pages at tivel.org, I decided to let TNG do what it does best, create and manage genealogy pages, and let WordPress manage an interactive and educational site about online genealogy. I simply link to the blog from TNG and to the genealogy pages from WordPress. This article discusses some of the main considerations necessary for an effective and stable blog. Some of the considerations will only be given a mention in the article, but further information will be provided in the resource section at the end of the article. So, be sure to look at the link listing at the end of the article for information that might help you with your own blog.
For a successful WordPress blog, careful thought must be given to the following:
- Plugins, and
In the past, some of my sites have been hacked—so I treat blog security very seriously. Blog security should be considered—even before the blog is installed. Hackers are very familiar with the basic WordPress file structure and other defaults. You can make your site more secure by changing some of the default settings as you install WordPress.
The default login user name for WordPress is “admin.” This should be changed to something more complex like, “tbyz-168.” Another setting to change is the default data-table: change the prefix from “wp_” to something else, such as “zk_.”
Passwords are another important consideration. I recommend using long, random passwords, such as qR0ZOf3CbPOD2aDs. I typically use 12-16 character passwords. There are many random-password generators available online.
One point of hacker attack is the WordPress wp-admin directory. This directory contains the files necessary to the administration of WordPress (the dashboard). Access to these files can be protected by creating an .htaccess file. Copy and Paste the following code into a basic text editor:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Access Control" AuthType Basic order deny,allow deny from all # whitelist home IP address allow from 192.168.1.1
Change the IP address in the code to your own IP address. Don’t know what your IP address is? Just do a Google search for, “my ip address.” There are many online services that will identify and report your specific IP address (such as 184.108.40.206). Save this file as .htaccess. The file will probably be saved as .htaccess.txt and you will need to rename the file to just .htaccess. Upload the file to the wordpress/wp-admin directory. The .htaccess file will prevent dashboard access to any IP address but yours.
As an additional security measure, I assign a file permission of 444 to the .htaccess file so that no one can write to the file (Figure 1).
To make changes to the file, I use my FTP client, FileZilla, to change the file permission to 644 (Figure 2), make the change, and then reset the file permissions to 444. My FTP client, FileZilla allows me to easily accomplish all of this. I can accomplish the same thing with the file manager from the control panel at my web host.
Sometimes, as with typical DSL service, the IP address changes; and, although your site will still be visible to visitors, you will not see the normal WordPress login screen or be able to log into the admin area. To restore normal access, you would need to edit the .htaccess file to reflect the new IP address.
As another, more global level of security, there are two files at my host to prevent FTP access to my sites from any IP address except my own: ftp.allow and ftp.deny. The content of the two files looks like this:
ftp.allow — ALL: Your IP Address
ftp.deny — ALL: ALL
Your host should be able to help you create and place these files. What this means, though, is that if your IP address changes, you would no longer be able to FTP to your site until the ftp.allow file was changed to reflect the new IP address. One solution to this problem for DSL users is to acquire a static IP address from your service provider.
WordPress requires a MySQL database, so your hosting service must allow you to create and manage a database. Today, there are many hosting choices which allow WordPress to run perfectly. For a more detailed discussion of the characteristics of a good hosting service, see the resource section. Some hosts enable Wordpess to be installed automatically from the control panel.
For a manual installation, you should be able to access to your host’s control panel in order to create the database. You should also be able to upload and unzip files through the control panel’s file manager. However, I prefer to use FileZilla, a no cost FTP manager, for transferring files to and from the host. I have included a link to instructions for manually installing WordPress in the resource section.
WordPress.org has a forum for help if you have installation difficulties and a good hosting service should also be ready and able to assist you with the installation.
The newest WordPress theme, Twenty Eleven (2011) has many features for today’s web sites—”out of the box.” These advanced features include CSS for a mobile friendly design. WordPress themes can be customized for a unique look and feel. My personal preference is to stay away from excessive glitz and to create a blog that is quick to load, easy to navigate, and does not distract visitors from the content.
The best way to customize a WordPress theme is to use a “child theme.” When using a child theme, customized files are kept in a separate theme directory. WordPress uses the unchanged theme files from the original, “parent” directory, as needed. For example, this blog’s theme is based on the 2010 theme and exists as a child theme in its own directory. The customized look of the blog is the result of modifications to a few files located in the “child” directory. Most of the necessary files for the theme are still accessed through the original 2010 directory.
The advantage of keeping the customized files in a separate directory rather than changing the original files is that the customized files will not be overwritten during an (automatic) WordPress version update: no files are changed in the child directory during a version update. This also applies to using any of the many themes available at wordpress.org or elsewhere. If you install and activate another theme, it will not be overwritten during a WordPress update.
If you are not comfortable with WordPress theming, my advice is to work with an “out of the box” theme and develop your site’s content. You can customize your site later as you acquire the necessary knowledge and skills. Always remember that it is the content—and not the theme—that is going to bring visitors to your site.
Check the resource section for a complete list of the plugins I am now using on this site.
I consider it essential to keep a copy of my WordPress sites on my local PC. I do this as a backup measure. Once the site is installed, and when I modify or create new files, I make sure that the backup reflects the changes. Of course, if I have uploaded huge numbers of images to an online folder, I would not make it a practice of downloading these during a backup: I would, however, make sure I had a copy of the images on my local PC or on CDs/DVDs. Certainly, I would want a good backup before a version upgrade of the WordPress files—just in case.
Along with backing up the core WordPress files, it is also important to backup the database. This is done from phpMyAdmin from the control panel at your host. I have included a link to a tutorial about how to do this. As you add posts and pages to your blog, be sure to backup the database—where the post and pages are stored—from time to time.
WordPress now makes updating the core WordPress files and plugins a snap. When new versions are available, you are notified of this when you login to the WordPress dashboard. You can then choose to do your updates automatically. Be sure you have a good backup before you upgrade the core WordPress files. This is particularly important if you have modified any of the core files (such as files in the 2010 theme folder) as they will be overwritten.
If you are new to WordPress, I recommend taking your time with the initial installation. For new installations, and keeping in mind the security issues I discussed above, I follow the steps below.
- Create an empty database at the host. WordPress will fill in the tables during installation.
- Upload and unzip WordPress.
- Modify the WordPress configuration file (wp-config-sample.php which you rename to wp-config.php) to tell WordPress how to access the database.
- Run the WordPress installer.
- Activate Akismet. This will require you to create an account at akismet.com to get an API key.
- Upload and unzip the Bad Behavior plugin. This will require a “BL Access Key” from projecthoneypot.org and you will have to create an account there to do this.
At this point, your site should be installed and secure. You can now add other plugins and/or content to your site.
If you want to develop your WordPress site on your local PC, I can highly recommend installing WampServer.
“WampServer is a Windows web development environment. It allows you to create web applications with Apache, PHP and the MySQL database. It also comes with phpMyAdmin to easily manage your databases.”
The software is easy to install and I use it on my local PC to develop web pages (including WordPress). I have included a link in the resource section for a tutorial about how to use WampServer.
For help with your WordPress installation, you can go the Forums at WordPress.org.
- Akismet — anti-spam (now ships with WordPress).
- Bad Behavior —
“Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.”
- Google XML Sitemaps — creates and updates a sitemap.
- Fast Secure Contact Form — provides a “secure” contact form for your site.
- FileZilla — My choice for an FTP client.