Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: administration

  • WordPress Sidebars as Menus: Part 2

    WordPress Sidebars as Menus: Part 2

    Happy Thanksgiving.  Here are some more ideas, partly based on the comments left in post #1.  At the bottom is a gallery of all the various mockups, and feel free to download, tweak, etc.

    More Compact

    Instead of a big Sidebar Locations box in upper left, what if you made location an element in the Sidebars themselves (Primary, Test)?

    This has the location selection in the Sidebar Area itself.  I’m not sure if I like the multiple saves, but if you have a long Sidebar Area, it seems sensible I made the space a big bigger with the idea that plugins could hook in and add things.  More on that in a minute.  You’ll also notice that there’s a scrollbar for the ‘Available Widgets’.  Yeah, we lose drag/drop with this scenario, and while I agree D&D is very cool, it’s starting to get unmanageable when you want to drag a widget over to the area halfway down the screen.  My grandmother said it was impossible for her to scroll in two directions (over and down) while holding down the mouse button.  Mind you, she’s a 90-year-old with glaucoma.

    Selecting a Location

    Here’s what the dropdown looks like.  Obviously we’re on Twenty Eleven here.  The ‘blank’ is for ‘none’ which, on reflection, may need to become ‘(none)’ instead.  It’s obvious to me that blank == none, but I’m not sure how new users would feel about that.  Yes, my rounded corners suck.

    Hover Over

    Again, my colors  and icons suck here, but this is a large pointer finger hovering over Custom Menu being told “Use this to….”  My (minor) concern with this is that Akismet, for example, has the description of … Akismet.  Singularly useless.  You’d think it’d be better.  But they’re not the only ones who slacked off on descriptions, so some of these will suck.  Still, color it any which way and a hover-up will provide information.

    The major concern I have, again, is accessibility. I’m hoping that this has already been hashed out before and we don’t have to invent something all new to allow screen readers to parse what things are for.  That would be a deal breaker to me.

    New Sidebar Screen

    Here is the ‘new’ screen, complete with directions and a button.

    Jane's Suggestion - Green

    By the way, since I suck at gradients, I opted not to make ‘Create Sidebar’ in the button, but that’s a nice idea too.  Of course, with Jane’s recent post about the square button, that  works too.  I spun up a inverse of that, since it mimics the blue background and looks ‘obvious’ to me.

    With Description

    I LOVE the idea of a visual guide to where the sidebars are. Makes me think of Stephanie Leary’s layout fiddling with IDs:http://sillybean.net/downloads/widget-admin-ui-altered-with-ID.png (Trac ticket #18334:http://core.trac.wordpress.org/ticket/18334 – some other cool ideas there, too.)

    I love Stephanie’s idea too, but. I really didn’t like the ‘uneven’ feel of her screen (not her fault, it’s just CSS layouts drive people to drink).  Her’s works because you see where the widgets are going to go.  I would want to have it be a wireframe.  This is one idea for where to show the description, though I’m not really sold on it.

    Sidebar Logic

    know that Jane mentioned per-page widgets as a priority (maybe in IRC?), but we’ll have to wait until after the core team meet up to see what they decide on as goals.

    On the other hand, I really like my idea for Sidebar Logic.  If you’ve used Widget Logic, you get the idea.  Put in the PHP to say ‘This Sidebar shows up on the Main Sidebar area IF these parameters are met.’  It’s not as ‘per page’ as Jane probably had in mind, though, and I’d like to see it avoid the need for PHP, but on the other hand, I’d love to see something plugged in there.

    That’s all I have for you today, but here’s the Gallery, as promised!

  • WordPress Sidebars as Menus: Part 1

    Okay, fine, not all widgets are used in sidebars. I’m going to use sidebar here to make my life simpler and trust you know what I mean. After reading Trac 17979 and Jane’s post on Wherefore Art Thou, Widgets? I had some thoughts.

    Right now, when you switch themes, if the sidebar doesn’t match a new sidebar area, the widgets get dumped into ‘Inactive’, which makes if difficult if you want to switch themes for testing. Kbitzing on this on Twitter, like we do a few of us started kicking around ideas, most of which the UI team folks in dev-chat had already gone through.

    My first draft was pretty straight forward:

    But then Jane pointed out:

    https://twitter.com/#!/janeforshort/status/138400574516375554
    https://twitter.com/#!/janeforshort/status/138400669953564672

    Which is true. I have over 20 available widgets here, and that list would get pretty damn long. While a list of checkboxes strikes me as less pretty, you would be easier able to manage this:

    In either case, you’d want the widgets ‘box’ where they’re listed to be scrollable. I’m fairly sure you could make an auto-resizing box that grew and shrank by height depending on how tall your window is and then allow for scrolling the rest of the way.

    At this point, we’ve reached the end of my practical knowledge. I know that menus are stored in the wp_posts table as a custom post-type called nav_menu_item. And then the actual data is over in the wp_postmeta table, where the post_id is the same as the ID from the posts table, and the _menu_item_* settings are where the magic happens.

    Post Meta Menu Example

    On the other hand, widgets are stored in the table wp_options and not in the same way. They’re in one master field sidebars_widgets which stores all your information for widgets, which ‘sidebar’ they’re in, active or not. Each individual widget stores itself in widget_NAME.

    Widgets in the DB

    Clearly it would be a bad idea to attempt to save the widget data in post-types, so we’d have to have some way to reach back and get the data. But if it were possible to toss the sidebars_widgets data over into the posts table, then they’d be brought over when you ran an export/import of your site much like menus are, which would make moving people off of MultiSite and over to their own site a heck of a lot easier, wouldn’t it?

    This is as far as my thinking takes me, but it’s something I’d love to play with.

  • Request: Multiple Domains, One IP SSL Certificates

    This is actually a request. The server that runs Ipstenu.org hosts three other domains. I set up my self signed certificate just fine for *.ipstenu.org, but I want to add on the other domains. For some reason I seem to be failing.

    I somehow managed to get it half-baked. If you go to https://otherdomain.com it kicks you to https://ipstenu.org/wp-signup.php?new=otherdomain.com which isn’t what I want at all.

    I’m using WHM on CentOS 5.6 and I’m a total newbie when it comes to all this! Links to tutorials with pretty pictures, advice, or directions are all welcome!

  • Running My Own Social Network Falls Short

    Running My Own Social Network Falls Short

    Webchick is a good cat herder - Some rights reserved by muir.ceardachI say this having run a variety of social networks, from blogs and forums to MUSHes and Facebook ‘Wall’ type things. I’ve been around and I’ve had to manage cats in myriad situations.

    The problem they all have is managing spammers and trolls.

    Spammers are, weirdly, easier. You use a decent plugin/extension, you block the idiots, you move on. But trolls. Oh lord, trolls. You know those users you just want to take out back and kick until they find a clue, but you know they never will? Right.

    When I was on a MUSH, I came up with a tool called the ‘Ban Hammer.’  If you’re not familiar with it, the basic idea is anyone can log on, make a character and join a role playing game.  Sounds great.  If someone breaks the rules, the people in charge (Wizards) can delete their character.  The problem I had was someone was coming and not breaking the rules, but had made himself basically unwelcome.  The Wizards wouldn’t delete the account because “Being a Dick” isn’t against their rules.  I decided to write a tool that looked for this user and locked every room, door and exit against him.  On top of that, if he tried to teleport into a room, it booted him out.  And he got a message “You are not currently welcome here. Please speak with Ipstenu.” (or whomever was the local area boss).  Then I shared it with everyone on the game.(If you can’t tell, I’m a huge proponent of sharing and Open Source. I gave people the source code too.)

    As I see it, the problem is that most social extensions are fantastic in a closed system, but the minute you open things up to anyone, you have the problem of user management.  Facebook and Twitter are failing at it today.  There’s just too many spammers and trolls to manage. Most people spend time and effort hunting down spammers, which is probably why managing morons falls by the wayside.

    The other interesting point I’ve noticed is that most programmers don’t run social sites. They use them, but they don’t manage them as an end-moderator. These are totally different skill sets and, as with all separate skill sets, there’s often a disconnect between what one sees as a need and what the other sees as a want.

    I have to rewind here. My high school had a big emphasis on teaching us the difference between a want and a need. You need food. You want hot water. “a simple life school, where one learns to get on without” (Paul Squib – Founder of Midland School”) A lot of my decisions in life roll back to that simple premise. If you needed something, the school provided it. If you wanted something, you worked for it. I learned how to chop wood and make a fire in order to make enough hot water for 14 teenage girls to shower because we wanted the water hot. (Funny Midland story. We basically had an old propane tank, fitted with a small stove ‘hole’ to make the fire. You started the fire, added the logs, and stoked it for about 2-3 hours to heat the water, often augmented by the solar panels. If you made the water hot enough, however, you created steam, which would flip a switch on the safety switch so people didn’t get scalded. It was called the ‘Steam Lock’, and we measured our abilities by how efficiently you could activate it. I learned how to do it on my second shower fire, having been taught by Amber and Katie. Thanks, girls!) Because of that, not a day goes by that I don’t think “Is that a want or a need?” And I am ruthless with myself about that. Because of that rigorous crucible, I am confident what I say that I know what I need, I really mean that.

    The tools I need to deal with trouble-making users aren’t many.

    Track IPs – only to keep tabs on repeat offenders. A spammer’s IP doesn’t matter. Bob the troll’s does. This is going to always require a level of manual intervention, that a human will have to go in and think about things, but that’s not a bad idea anyway.  I made a WordPress plugin called Register IP Multisite to handle that for both single and MultiSite.

    Flag as spam – I need to be able to say ‘Bob’s acting an ass. I want him to go away.’ Really this should be ‘flag as bozo’ as he’s not a spammer, but I’ll take either one. A time out feature to put people out of sight from the users for a while. Obviously, again, there’s a level of manual work required.  You can do this on WordPress MultiSite, but not single site, and it’s silly to think that you would have to go to MultiSite to enable this.

    Bad Words – Sometimes it’s easy to stop the jerks. Sometimes I just want to keep a place clean for kiddies. Most tools, blogging or otherwise, have a way to clean words, but then you have strange problems. If you use, say, “cialis” as a bad word, you block “socialisim.” Ooops! Also, I would like to block people from using bad words in their ‘name’, and not just comments. But again, this needs manual monitoring.

    The tools I’d want, but don’t need, are also few:

    Report users – Most forums have this ability, to let people patrol each other. Google+ has it. If you’re opening up your site to the world, you have to be able to let the crowd help you. But within reason. You can only report people once, for example, and after X reports, someone should be just blocked for now until a moderator manually steps in.

    What about you?  What tools do you know you can’t live without?

  • Don’t Use WordPress MultiSite

    Don’t Use WordPress MultiSite

    Edit: It’s May 2015 and this post is still relevant.

    I talked about this at WordCamp SF 2013. Check out my slides or watch the video.

    I love MultiSite. I think it’s awesome and very helpful when you want to make a network of sites. But more and more I see people doing things where I just tilt my head and wonder why they’re using MultiSite for that particular use-case.  People seem to think that simply because they can use MultiSite that they should use it, and this simply is not the case!

    MultiSite, either by intention or effect, works best when you think of it as running your very own version of WordPress.com.  You have a network of sites that are disconnected from each other, data wise, but share the same available user base.  That means the only ‘information’ that is shared between two sites is your user ID, and even then, unless you’re explicitly granted access to the site, you’re nothing more than a subscriber.  Which is to say you can read the site, and comment.(You could get nitpicky here and point out that there are a lot more things one can do as a subscriber on a site, but you understand the gist.)  That means that while there are many perfectly valid reasons for having a MultiSite, it will never be a perfect solution for all people.

    One of the best alternatives to MultiSite is Custom Post Types.  They let you make ‘subfolder’ additions to your site and format them as you want.  There is a drawback, though, in that you cannot use YYYY/MM/DD in your permalinks for them (Otto on Custom Post Types – wp-testers email list) however I would wonder why people use that anyway these days?  The only reason I use YYYY in my URLs is that I believe there’s a date on the usefulness of these posts, and if you come back in five years, you should know how old the information is.

    Another alternative is good planning.  If you sit down and define your needs for your site before you build it out, and plan for the growth you desire, a lot of things become clear.  Think about how many different places you’d want to go to maintain your site.

    Here are some examples of sites that should not be built out as MultiSites:

    To Categorize Posts

    File CabinetThis one comes from my girl, Andrea, who reminded me of a fellow we ran into who wanted to have one site to post from, and each post would go to a special site based on the category.  WordPress already has that built in!  It’s called, get this, ‘categories.’  Now the user in question said he didn’t want categories because your URL shows up as /category/pemalink, and that wasn’t his desire.  So I suggested Custom Post Types.  /posttype/name was much better, and he could add in tags as he wanted.

    When Your Site is Homogenous

    Do you want your whole network to look and feel 100% the same?  Don’t use MultiSite.  If every single subsite is going to be exactly the same, except for content, but the content is all written the same way, you don’t need MultiSite.  Replicating the theme and settings on every subsite is a pain, and you can achieve the same result with categories, tags and CPTs.  You can even use a membership plugin to control who sees, and has access to, each CPT!(Role Scoper claims to do this, in fact.)

    Now someone will point out that this site fails that check!  If you notice, three (four, kind of) of the sites look very similar. Same general layout, same links and sidebars, but different headers.  This site could have all been done as categories and CPTs, and not needed the multisite until I hit on the children sites like the one for my grandmother.  But.  When I built it out, I decided to put my tech posts on their own page to separate the writing.  They are separate sites.  What I write here is vastly different from my blog, and that’s important to me.  The site has the same ‘feel’ in look alone: the context is what separates us.(And I have a plan for the photo blog.)

    For One Special ‘Thing’

    I’m guilty of this one.  I had a site that was a blog, and I wanted to make a ‘video’ section.  So I made a MultiSite!  Boy was that dumb.  Two admin areas, two sections for layout, and I wanted the site to still look like ‘itself.’  I caught a clue later on and converted the whole thing to Custom Post Types!  Much easier to maintain!  Now I have a smaller, faster, site.

    Users Shouldn’t Know About Each Other (AKA Separate User Databases)

    Andrew Norcross pointed this out.  If you need users to be on different sites, but not aware that they’re on a network, don’t use MultiSite!  Now, yes, there are ways around this, however it’s an auditing nightmare for any large company, and a security risk that you should be aware of before you start.

    Hidden UserCurtiss Grymala points out that if you need totally separate user databases, this is a strong case against MultiSite.  Be it for security or just obscurity, if the users need to be separated  don’t do it.  There are workarounds, but you’ll spend more time on that then updating your sites.

    Hosting Small Client Sites

    I don’t host my Dad’s site, Woody.com, even though I maintain it.  Why?  Because, as

    Cristian Antohe said, he just needs a standalone WP install.  Would it be easier for me to have one place to go to upgrade him?  Yes and no.  He’s small, he doesn’t need a lot, and he now owns his domain, his site and his email, all in one place.  It costs him $7 a month, plus the number of meals he buys me when we’re in town together, and he’s master of his own domain.  This is great for him, because if he fires me, he still has everything.  Also, if he does something weird that spikes his traffic 500% (like last month), it doesn’t affect the rest of my sites.  Factor that into your budget.  Make your client own their own data.

    Users Need To Embed JS Into Posts

    This is not a bug, people.  Only the Super Admin on a MultiSite install has the access to include iframes, javascript, and other non-oEmbed’d data into posts! You don’t want them to!  If you’re running a MultiSite, you’re the big dog, and you’re responsible for limiting their actions to things that won’t take down everyone because they don’t understand what an insecure iframe hack is.  Yes, there’s a plugin that will let you allow this.  No, I won’t tell you what it us, because unless you’re using a 100% locked down, you approve users you know and trust with your car, site, you do not want to open this door.

    If you can’t give them they access they need via shortcodes, then they need to host themselves, or you host them separately.  Protect everyone on your network, and don’t give them unregulated access.

    Users Need To Install Themes/Plugins

    Curtiss again reminded me that MultiSite doesn’t let you let your users install themes and plugins as they want.  You can, via the use of clever themes that save settings per site (like TwentyEleven) and plugins that allow you to tweak CSS (like WordPress.com Custom CSS) give them more customization, but you cannot give them access to install plugins and themes.  Why?  Because those things will be available to everyone on the whole Network.(There are plugins to manage plugins more granularly, and only permit some sites to use certain plugins, but again, this isn’t something everyone on your network should have access to do.)  Remember, we’re sharing here!

    Same Post, Every Site

    I keep running into this one.  “I want to have the same post pushed to every single site on my network!”  I understand why people do this, I just think they’re doing it wrong.  It’s not just that MultiSite is meant to be separate (aka individual) sites, it’s that you’re diluting your content.  The more different places someone can go to in order to get the information you’re providing, they less impact you have because you’ve given them too many options.  Decisions.  Make one. Also, as Andrea reminded me, identical content in multiple places is something spammers do. Google will downgrade your site ranking if you do this.(This doesn’t impact categories, tags and archives because of the use of canonical links.)

    Mimeograph (copy)Now, one user said he needed to do this as a business decision, because each of his (mapped) domains was a separate brand.  But the separate brands had shared data.  So … they’re not actually separate, but children.  Me?  I’d have everything link the shared data back to the master brand.  McDonalds may sub-brand out happymeal.com (they did!) and make a whole separate site, but if you click on their ‘Privacy’ link, you go back to macdonalds.com!  Why?  Because the parent brand is where that stuff belongs.

    BuddyPress Separation

    This comes from Andrea again.  If you need to have totally separate BuddyPress installs, use separate installs entirely.  Just … y’know, you can do it other ways, but it’s not worth it.

    What else?

    This list could go on and on, so jump in and tell me your reasons why you’d never use MultiSite!

  • SSL Self Certification and WordPress

    SSL Self Certification and WordPress

    I wanted to lock a single-site WordPress install down to use SSL admin because I’m a tin-foil hat wearing nerd. Or more to the point, I detest the idea of clear-texting passwords! Most of my problem was finding directions. See, I knew I had to add define('FORCE_SSL_ADMIN', true); to my wp-config.php file, but when I did that, I got an error:

    SSL error on chrome

    Turns out I’d never turned on SSL for my server! My problem then became that I don’t want to shell out $100 a year for SSL when it’s just me no my server, no one else. Once I determined all I wanted was to create an SSL Self Signed Certificate on my server, which has WHM, it got a lot easier!

    There are drawbacks to self-signing.  Firstly, every time I login on a new browser, I have to tell it ‘Yes, trust me!’  That’s annoying.  If I was using this for other things, I’d have to remember to type in httpd every time, but WordPress is smart enough to redirect that for me.  Also, back in the day, Chrome was an idiot about them and wouldn’t let me use them!  but I use self-signed without knowing it for ages, because my host set that up for cPanel and WebMail.  I’m not a business, it doesn’t bother me.  If I was, I’d charge more and shell out.

    Chrome Cert Alert

    All that error means is that “Hey, ipstenu.org signed this, and I don’t know who that is!” If you read further on that page, there’s a link to ‘Help me understand!’ and it explains:

    In this case, the certificate has not been verified by a third party that your computer trusts.

    Which is 100% true. By self signing, I’m skipping 3rd party verification and telling you to trust me. Looks scary, it’s really not if you know what you’re doing. If you’re willing to deal with this error every time you login on a new computer, then you too can SSL yourself to a little more safety!

    These directions will only help you if you’re using a VPS or dedicated server. You’re going to do all the work in WebHost Manager.

    1. Go to Main >> SSL/TLS >> Generate a SSL Certificate and Signing Request
    2. Fill in the fields – the passwords have to be alphanumeric, and remember to use the right domain. If you use www.example.com as your default, use that.  I use just example.com for all my sites so I did that.
    3. Save the data to a text document.
    4. Go to Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain
    5. Import your certificate data (or paste in from text)
    6. Select Submit

    If it works, Apache will restart and you’re done!  If not, you have to read the error.  My problem came with the domain details:Browse/details

    I was able to skip steps 1-3 and just go right to ‘browse’ since, apparently, at some point I’d done them before.  The problem was for my second site, it’s on my shared IP, which meant I had to put in the User of ‘nobody’ instead of the user name.  Not a big deal.

    After that, I was done and could log in to my site via SSL!

    But wait… What about MultiSite?  Well if you’re using subfolders, this is great.  Subdomains, however…  See the host name has got to be the domain name:  halfelf.org in this case.  So if I wanted to make one for all my subdomains… Owch.

    Then I thought that maybe, just maybe, the computers were smart enough on their own.  So I did this:

    Create a New Cert - Wildcard

    And then this:

    Wildcard certificate install

    Now, since I already had an ipstenu.org cert, I had to delete that one first. But once I did it, I was done. I turned my multi-site into something a little more secure!

    And now you can too.