Tag: administration

Who’s Following Me Anyway

There are two basic ways to deal with tracking people who follow you on the internet: don’t do it or overdo it.

In a recent post, Brian Gardner talked about embracing his unsubscribers, as he noticed a number of people un-subbing after he posted a personal post on his personal site. Since then, my friends and followers have asked me about how I feel, and I’ve had to explain that my basic philosophy of ‘tracking’ followers is this: I don’t.

Now this doesn’t mean I don’t keep tabs on metrics and browsers and the like, to know how to appeal to my readers, but it means the raw numbers, like how many people read a post, are by in large ignored. Except sometimes they’re not. At that point, I agreed that my methodology was complicated, and needed a blog post. So here’s when I do and when I don’t and why I do or don’t as needed.

It’s Personal

For the most part, I don’t track visitors on personal sites. I don’t track metrics. I couldn’t tell you who follows my blog on ipstenu.org, and I don’t really care. It’s my personal blog where I’ve decided to write for me, so if I track anything at all, it’s what browsers. A lot of people read the site on an iPhone? Okay, better have a good theme for that! One person is still using Netscape? Forget about ’em.(Sorry Mr. Netscape. It’s 2013, the Internet called and wants you to upgrade.) I never pay attention to the number of my followers on my personal social media accounts. Facebook, Twitter, whatever. I know who I’m following. When you stop being entertaining/interesting/enjoyable, I unfollow. It’s all just me being me for me. You’re welcome to read along, but it’s a personal site for personal people.

It’s Technical

Okay, so what about my professional sites? Well, I do and I don’t follow along, depending on how professional the site is. Take this site, for example. While this is certainly my more professional site (I initially split it out because my family reads the main blog and didn’t care about tech babble), I don’t have a dedicated Twitter account for it, or a Facebook fan page. It’s just another aspect of me. I do track metrics here, though. It matters a little more when I’m presenting content for education. I want to make sure everyone can read the site, get the data they need, and move on. And I do keep tabs on my subscription numbers a little, but I don’t actively watch who signs up and who leaves. The way I figure it, if you find the information valuable, you read.

The only times I’ve ever actually noticed traffic here was when Matt Mullenweg linked here and I got a massive uptick of rabid folks pissed off that I’d used the naming of Constantinople as a metaphor (you’re welcome for the earworm), and when Ars Technica linked to my posts about stopping the botnets with mod_security or with .htaccess.

This does not mean I haven’t noticed the increase in visitors from tens a day to a hundred and beyond. It just means that since I’m not trying to making a living from this site, it’s not something I dwell on very much. Every time I have to write an article about stats, that means I have to sit and study them here, because I’m just not tracking.

It’s Professional

But that really wasn’t me being ‘professional.’ What about my site where I have a custom Facebook page, a Tumblr, a dedicated Twitter account, and the whole nine yards? Oh yes, I track. I check analytics to see entry and exit pages, and I even have conversion goals. I notice my bounce rate, traffic flow, and all of those things. For work, yes, I monitor all these things, talk to marketing and sales about how to improve those things, write code to make things serve up faster and better. How did our campaigns go? What should be targeting?

Most importantly here, I try to understand the data I’m getting. We’re really good at collecting data these days, but we’re pretty crap at understanding it and using it to our benefit. How often have you seen A/B testing result in flawed assumptions? It’s not easy understanding what to do with the data. It’s not something you can do quickly, and most of us can use metrics and analysis to prove the point we want to make.

This is hard. It’s really hard and worst of all, how much weight you put in everything depends on who your audience is. How hard? Well there is a science in the testing but not many people use it right.

It all depends

And that’s really my point here. It all depends on what your goal is. Who are your readers and who are you writing for (they may not be the same)? Also who do you want to write for?

Everything comes down to having a goal, knowing what you want to do, and doing it. And there is absolutely nothing wrong with just writing for yourself.

11 November, 2013
Polyphemus Problem Pans Out
I use PHP in DSO mode, which is (woefully) insecure because it lives to save files as ‘nobody.’ Now, previously I found a ‘fix’ to this with WordPress, by tweaking some file permissions and a define in my wp-config.php file, and all was well. But if you know me, you know I’m polyamorus with my CMS, and WordPress ain’t the only game in town.

I love, love, love Zenphoto for a gallery that is larger than my thumbdrive. But I’ve been having an annoyance that acrylian and sbillard have been really patient with me ranting about for a while now. See, when you upgrade Zenphoto, it narked at me that I had bad permissions:

Oh how I cried. My work-around became to make those 777, upgrade, and change ’em back to 755, because that did work for nobody, but when Zenphoto moved the config file and had it be writable by the upgrader, I had to make that owned by nobody and the slippery slope was happening. This was not good. I brought it up again, but we all agreed this was very much a me-problem.

A new PHP

Now my choices were to deal with it, or change to a new PHP. Well there are problems with that, and neither suPHP nor FastCGI met my needs for speed and memory consumption. Also I tend to get error 500s when I try any of them on this server, which means I would have to do a total overhaul which I don’t have time for. Instead, I decided to look into why mod_php (aka DSO) likes to have nobody own this stuff. In my research, I stumbled across mod_ruid2, which is included in EasyApache.

In reading up on cPanel’s notes on mod_ruid2, I hit the incompatibilities list and winced. Right there near the top was MemCache. When I switched over to ZendOptimizer, I also switched to MemCache, and I really was not ready to give it up and go to XCache. Worse? It’s not compatible with mod_security. Epic fail. I absolutely cannot use this. Back to the drawing board until cPanel figures out a way to force it to work with those.

More searching introduced me to MPM-itk. This was something categorically not supported by cPanel (they backed mod_ruid2), but they still had some directions on how to do this in their forums: Using MPM ITK as a Custom Opt Module

I need to stress two very important things here:

1) This is NOT supported by cPanel.

They do include it in their Custom Mods, but they don’t support it’s use, and won’t include it by default because of issue number 2 (see below). Mind you, I’m no stranger to unsupported installs. I have ImageMagick in a higher version than they do, I installed wp-cli, and I have Pagespeed. So I pretty much run around always upgrading what I need. I am smarter than I used to be, and I have all this documented in a Word Doc called “Custom Installs on my server” which lives on Dropbox, for emergencies. Everything is written with code examples and as much copy/pasta as I can.

2) There is a security risk with mpm-itk because it runs as root.

I will quote the author:

Since mpm-itk has to be able to setuid(), it runs as root (although restricted with POSIX capabilities and seccomp v2 where possible) until the request is parsed and the vhost determined. This means that any code execution hole before the request is parsed will be a potential root security hole. (The most likely place is probably in mod_ssl.) This is not likely to change in the near future, as socket passing, the most likely alternative solution, is very hard to get to work properly in a number of common use cases (e.g. SSL).

Obviously this is a choice you need to make yourself. Perhaps ironically, by using setuid(), you’re protected from users cross-contaminating but this is not really a perfect fix for everyone. And frankly, this is not my preferred long term fix. My long term fix is this: Build a brand new server, from scratch, with FastCGI, and move sites over one at a time, testing as I go. That’s not today. Instead, it took me about an hour to figure this stuff out and install. And it worked out of the box. Well, except for one thing which I’ll get to.

Installing mpm-itk

These directions are pretty easy for cPanel/WHM. You install:
```
cd ~/tmp
wget http://docs.cpanel.net/twiki/pub/EasyApache3/CustomMods/MPMitk.tar.gz
tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf MPMitk.tar.gz
```
Then you run EasyApache (/scripts/easyapache) and select mpm-itk from the Exhaustive Options list for PHP (it will give you a warning about the dangers, Will Robinson). Once the update is done, make sure all your normal settings are back in place, if you have anything special, and now you have to actually tell every virtual host what ID to use.
```
mkdir -p /usr/local/apache/conf/userdata/std/2/username
echo &quot;AssignUserID username username&quot; &gt;&gt; /usr/local/apache/conf/userdata/std/2/username/mpm.conf
/scripts/ensure_vhost_includes --user=username
```
Replace ‘username’ with your user name (you saw that coming, right?) and off you go. Of course, I had 10 users, so instead I scripted it:
```
#!/bin/bash
for user in `ls /var/cpanel/users`; do
    mkdir -p /usr/local/apache/conf/userdata/std/2/${user}
    echo &quot;AssignUserID ${user} ${user}&quot; &gt;&gt; /usr/local/apache/conf/userdata/std/2/${user}/mpm.conf
    /scripts/ensure_vhost_includes --user=${user}
done
```
Huzzah!

Cleanup, Aisle PHP

Once I had it installed, and it really was painless, I tested uploads on WordPress and everything worked. But I remembered what I had done back in 2011:

The last step I had was chowning the folder for uploads and 2011 to nobody:nobody.

This time I did it in reverse and chowned everything back to my user IDs. I did this for all sites, for all users, and all cache folders. Then I decided to look for all files and folders that were 777 (which I do at work when scanning for hacks) just in case I’d been stupid. I try to not be, but…
```
find . -type d -perm 0777
```
That listed all directories, and I was appalled to find some! That’s right. Up until recently, there were folders permission’d as 777 on my server. I bow my head in shame and embarrassment. Please forgive me, as I run this command to fix that:
```
find . -type d -perm 777 -print -exec chmod 755 {} \;
```
I also ran find . -group nobody to see if I had anything left over, and it happily came up empty. Then I went to double check everything worked. When I’d tested before, I did it on my single install of WP, my wiki, my gallery, another blog, and it worked. So I came here to post and I couldn’t upload images. Horror! Shock! I decided to scan my error log, and right away got a warning on cPanel: Out of disk quota.

Well that was an easy fix!

Now everything’s owned by the user it runs for, and nobody owns anything. Everything is secure (except for that ‘running setuid as root for a millisecond’ issue, and yes I’m keeping tabs on that), and everyone is happy. Especially me.

Bonus Internet points if you get the joke with the title.
23 October, 2013
Cloud Experiment
While I’ve mentioned that I don’t ‘get’ CloudFlare, I took the time to buttonhole the guys at DreamCon and explain my issues. Many thanks to Maria Karaivanova for her presentation at DreamCon, too, which helped me a lot.

Now, in so far as a ‘traditional’ CDN (where they host my images) goes, I don’t need it, but as a Cloud Proxy, I both understand and like it! The deal with a proxy is pretty simple: It’s an extra firewall between your server and users. Why is this faster? Because they have more servers than I do, which means they can handle a DDoS better than pretty much anything on Shared Servers will ever be able to do.

Keep in mind, a VPS can handle a lot of this on it’s own. I could install Varnish and use that for caching, but it wouldn’t give me the ability to have multiple servers serving my content, and that’s what I’m looking for with my experiment here.

It would be remiss if I didn’t note the more well known alternatives: Incapsula (starts at $19.99/month), Sucuri’s Cloud Proxy (starts at $9.99/month), MaxCDN (starts at $9.99/month), and Fastly (starts at $50/month). CloudFlare starts at ‘Free’ but its first paid offering is $20 a month for one website, $5 for each additional.

On My Server

I use ConfigFirewall (CSF) so I had to add in the CloudFlare IPs into csf.allow and csf.ignore. Yes, both, otherwise I got weird alert. This is pretty easy, though.

Next I installed mod_cloudflare because I wanted to preserve the IP address without having to muck with plugins on everything. This particular site is my ‘Not all WordPress’ site after all. The catch is if I do it all manually, I have to redo it every time I upgrade via EasyApache(Don’t judge me). I already have to do that for PageSpeed. That said, cPanel suggested I read Installing mod_cloudflare on cPanel, so I did that and then ran EasyApache:

So that was easy! By the way, TL Tech is one of my standard resources. They have a lot of tricks, and I’ve bookmarked ’em.

Finally I checked out if there were issues with PageSpeed and CloudFlare. CloudFlare says no, but indicates the redundancy. That’s okay. I did an extra step of telling PageSpeed to not modify caching headers, as that’s something we did for DreamHost and Varnish (DreamPress!). Just add this to your .htaccess section for PageSpeed.
```
ModPagespeedModifyCachingHeaders off
```
On CloudFlare

This was straightforward. Follow their directions and it’s fine. I went for free, and fiddled with my Security Settings a lot. I hate captcha. And I know, I knooooow, the users for this site will cry if they get hit by one, so I turned my security to “Essentially Off” – This is the only way to get rid of Captcha. Sad panda. I also turned “Browser integrity check” on for now.

In Performance Settings, I made Caching level “Simplified” and left the rest as default. Then I set up PageRules for WordPress and my other apps. You only get three rules with free (and 20 with the first level plan) so I made sure to free up the admin tools.

On my webapps

Last up, tackling purging caching. I’m far more familiar with this now, as I support a Varnish plugin that does much the same (and I did consider installing Varnish). The official CloudFlare plugin, for some reason, only serves the same purpose as mod_cloudflare, in that it restores IP addresses. But what I really want is a way to purge my cache with a new post. Pretend I’m saying this in that voice I used at WCSF… there’s a plugin for that: CloudFlare Cache Purge.

Sadly there isn’t a similar plugin/extension for my other apps. And this is why I ended up at my current conclusion…

Current Conclusion

Sadly, even after letting it bake for a few days I determined it wasn’t quite right for me. Everything worked, and if my site was more static, it would be perfect. But this brought up the same problem I’ve had with all caches: my dynamic content gets hurt.

What is static that I can and should cache? JS, CSS, font files, images. What is not static? Blog posts, comments that are happening all the time, fast and furious. A gallery that needs to update. A wiki that has a deadline. Worst of all, it prevented two of my apps from being able to make their own ‘static’ cache in the background. Now really that means I shouldn’t have to make my static cache at all, but this brought up another issue. Coordinated pushes of content, where four separate apps update 1-3 pages each at the same time means I need to be able to purge those pages, right away. And right now, there aren’t extensions to do that.

Of note: I noticed the exact same problem with Fastly and Varnish, so it’s not just CloudFlare, it’s a function of how these things are supposed to work.

What would I need to make these desirable? Basically I need a way to purge my cache on the proxy efficiently, quickly, and selectively. Now that I work on the Varnish Cache at DreamHost, I’ve seen how deep the rabbit hole can go with this, however, and I know fully how hard this is. Proxy Caching is not for everyone. When you have dynamic content that changes for logged in users on the fly, it’s a pain. I mean, I use PageSpeed to compress and cache CSS and JS, and I have to flush it when I update my site design. Caching your caching is always going to be tricky, unless there’s a simple, one click, way to say “I’ve updated these pages, please purge them.”

We’re not there yet.

Recommendation

CloudFlare is pretty awesome, actually. If you’re ‘just’ running a blog on shared hosting, I would seriously consider using it, especially in light of the various DDoS attacks out there. A cloud proxy will help you, if you don’t have server level access to tweak mod_security. The fact that CloudFlare gives you a ‘free’ option to test with, without having to give anyone your credit card info, makes it great for experimentation and puts it above the other proxies right now.

But with all things, keep in mind your personal usage. It’s not just “Does this make my site run faster?” but it’s a lot of “Does this make my usage of my site better?” For me, they win on the first and fail on the second. Maybe one day I’ll change my workflow so cloud proxy, or Varnish, can be the answer, but that’s not today.
7 October, 2013
Censorship in Moderation

Not everything to do with technology means code. Curating a website means, often, you have to edit your content and your comments in order to foster the sort of relationship with your visitors that you desire. In doing so, are we censoring? How do you decide how best to handle comments that make you uncomfortable, and how do you allow yourself to question your ever-changing personal morals (because they are), while keeping the right ecosystem on your blog?

I am a censor

From time to time, I make people upset. This happens, and while I don’t go out of my way to piss people off, it’s just a part of life. No one agrees with me 100% of the time (heck, I don’t agree with myself from last year all the time). It’s just what it is. We grow, we evolve, we look at things differently. When people get upset with me they tend to act like assholes on my websites, insult me, call me names, or basically try to take over all the comments here. When they do, I block them out of my life.

Seriously. When people start that crap, I block them from commenting here, I block them on Twitter and Facebook and Google+, and blackhole their email. End of story, no chance to come back. If you’re the kind of person who’s willing to go that far and call me a “man faced dyke” then you’re not the sort of person I care to associate with, goodbye.

Most people don’t get that far, though. I’m all for hearing dissenting opinions, especially the thoughtful ones that point out fallicies in my logic. I would much rather people post replies to my blog posts as comments (not Twitter guys), because that removes the oft-crippling 140 character limit, and thus takes away much of the problems with discussing complex topics. I like long replies. I leave them often. This means that the vast majority of the time, even if you want to shout at me and say my understanding of XYZ is wrong, as long as you’re not being personally insulting, I’m going to leave the comment up. When you start belaboring the point (beating the dead horse, as it were), and refuse to agree to disagree, then I start moderating your comments and possibly deleting them.

Is this censorship?

At some point on Twitter I said “Deleting your comment on my personal site may be censorship, but it’s not against any law.” And my friend replied:

@Ipstenu There's a big difference between gatekeeping on your own private property and censorship.

— Jinx Mylo (@jenmylo) July 9, 2013

The reason I used the word may is that, for an off-the-cuff Tweet, I had not done any research into what is and is not censorship. I know that we use the term ‘Self Censorship’ when we’re trying to stop ourselves from enjoying a foot-in-mouth moment, but are we using the word wrong? When I decide to remove a post that I feel is detrimental to my site, how is that different from Google censoring your results from a search, or Facebook deleting your comments?

My rule of thumb for comments is this: If what you just posted is something that would prompt me to get out of your car, leave your house, or ask you to leave my house, it’s getting deleted. It’s pretty cut and dried, and if my hand ever hovers over the “Well, maybe this is okay” button, I tend to leave it alone. But, like Gunnar de Winter posited in 2011, I don’t know if I’m censoring or not anymore.

A generally accepted definition of censorship is along the lines of this: “the surpression of a text, or part of a text, that is considered objectionable according to certain standards.” One can argue that my site has my standards, and thus my suppression of a comment I find objectionable is censoring you on this blog. I’m inclined to feel that it is censorship, but I don’t think this is a bad thing.

When is it censorship?

There is a difference between gatekeeping and censoring. If I make a political agenda post about a hot-button topic, and then proceed to delete all replies that promote the opposition, am I gatekeeping or censoring? What about when I delete (or edit) comments left by people who are insulting? Is that inherently wrong? Where’s the line between “I don’t like it” and “I’m offended by it”?

One thing to keep in mind is that this is not violating freedom of speech. Or rather, it’s not violating your protected freedom of speech. Look. You have the right to say whatever you want. I have the right not to listen. In the US, the amendment is pretty clear in that the freedom of speech applies to talking about the government. So I can talk about how much I hate Obama if I want to, and the government has no law to stop me. At the same time, this does not give me absolute freedom of speech, it just means that I have certain protected rights. In 1996, the Supreme Court extended the full protection of the First Amendment to the Internet (it was a 9-0 vote, too).

So why doesn’t this cover your right to say what you want on my blog? My blog is a ‘private’ entity. So is a newspaper for that matter, which is why your letter-to-the-editor may never see the light of day. Neither the NYT nor I am obligated to publish your words. Besides, it’s not restraining your expression when I do it here, as you keep the right to go talk about me and how much I suck or I’m wrong to your heart’s content on your own blog. I tend not to comment on those posts anyway, so don’t worry about me.

What’s wrong about censorship?

If I said “Censorship isn’t all bad” I’m sure a lot of people would shout me down. But … it’s not. We censor pornography, private information, details of bomb creation (see Mythbusters) and so on. None of those things are really objectionable uses of censorship. In a perfect world, people wouldn’t break the law in the first place, so we wouldn’t have to censor anything (because we’d all be trustworthy). Sadly, that’s just not the case. In general, when applied fairly and justly, censoring might not be terrible. When it’s abused, though, and someone goes to the point where they block you from posting on the Internet as a whole (just pretend that’s possible), then we’re into a problem. Which means it’s not necessarily that censorship is wrong, but abuse there of is wrong.

So back to Jen’s point, it’s not really censorship, is it?

I do oppose blanket censorship. But I also believe that protecting my blog’s community, as well as my own mental health, means sometimes I have to make the choice to close the door on some people. As someone who runs community sites, the health of the community trumps my personal feelings, but that doesn’t mean I ignore them. Finding that balance, in yourself and on your sites, is not easy. It’s an ever changing landscape to navigate, and no one can tell you what’s 100% right or wrong.

Dare to Disagree

Just as I finished writing this, Andrea Middleton sent me a link to a TED video of Margaret Heffernan: Dare to Disagree. It’s hugely important, when you decide to censor any comments on your site, that you not stifle constructive conflict. The importance of being challenged and letting yourself grow because of it cannot be expressed often enough.

[ted id=1533]

So Jen’s right. It’s not censorship, and I’ll keep on gatekeeping comments as I feel appropriate.

2 October, 2013
Entry Level Hosting

I’m going to preface this entire post with a statement that may annoy my boss: I don’t care who you pick for a webhost, I care that you pick the right host for your needs. With that in mind, I won’t be naming hosts by name.

But explaining what that means is complicated and weird, so let’s go through the ‘entry level’ hosts and what all this means for you, but also for your clients. After all, part of helping people get set up on a new webhost means actually helping them figure out what they need, and getting it installed

What is an ‘Entry Level’ Host Anyway?

The basic definition here is the smallest, cheapest, least robust hosting you can possibly get.

In general, this is where we all start. We need inexpensive hosting because we don’t know how much the site we’re proposing to build is going to need. To be honest, I detest being asked to ‘spec’ something with regards to hosting. “How much do I need to run a community site for..” Couldn’t tell ya. In fact, really, no one can tell you. It’s like “How much gas do I need to drive from Chicago to Cleveland?” I did it on one tank in my car, but my cousin stops three times. It’s got to do with gas milage, engines, traffic, and weather (gas expands and contracts, etc etc).

So starting out entry level for most of us is just fine. In fact, I recommend it. They can run as low as $4 a month, though I tend to point out “You get what you pay for.” Otto once said “Look here, if you’re paying less than $300 a year to run a website, then why bother? How serious are you about your website anyway?”

Paying $50 a year for a website is the cost of about 12 lattes from an overpriced coffee house. It’s around five pounds of decent-to-good coffee beans. It’s just over one tank of gas for a larger car. If your website is your life, and not a hobby, this is too cheap. And yes, I work for a company who has low cost hosting. The hosting is not the only cost, though, so when I say “Spending $300 a year is reasonable.” I’m not just talking about the host. We’ll get to that in a second.

What am I paying for?

The basics. Space on a server with access to the internet. PHP, SQL, email, and some sort of ‘control panel.’ You’ll pay around $8-10 minimum for a host with cPanel or Plesk. Less if they made their own (or have a deal). You’ll also have limits, even if they say ‘Unlimited,’ and let’s talk about that for a moment.

Unlimited does not mean there are no rules, so put your shirt back on. In general, unlimited means “We’re not going to give you all sorts of nit-picky rules about how many images you can have, or how much CPU you can use, because those things are nigh impossible for you to understand. Instead, we’re going to make sure you don’t do things that will crash the server, and if you do, we’ll tell you.” So while there are no ‘limits’ there is ‘monitoring.’

Someone is going to say “Then there are limits!” and in a way, yes. But the trick is those limits change based on your neighbors. Allow me to explain with an analogy. When you’re in college, it’s okay to be noisy at weird hours at the frat house because the acceptable noise level is higher. When you’re living in an apartment in the city, though, suddenly you have neighbors who work the night shift, and you have to be quieter. Shared hosting, the cheap seats, are very much where you need to be quieter, respect your neighbor, and don’t do your laundry at 2am.

In addition, you’re paying for server and service support. Email not working? PHP needs upgrading? Those are things your host can, and should, do for you. Got a weird question like “Is httpd.conf set up with AllowOverride All or AllowOverride Options All?” A good host will have the answer! They’ll help you get to your error logs and maybe, maaaybe, if they’re not super busy, help you read them.

What am I not paying for?

Rock-solid Backups. Dear holy monkey socks, please make your own backups. I cannot stress this enough. Look, here’s the deal. No one cares about your data more than you do. Okay? So when you find out that some plugin you’re using doesn’t sanitize data, and Bobby Tables signs up for your site, you don’t feel like this schoolboard:

Why? Because if you have a backup taken every day, you can restore and only lose a little data! Then you can perhaps convince Mrs. Roberts to be so nice as to help you figure out what went wrong. But regardless, your data, the important stuff, is safe.

Also, you’re not paying your host’s support people for consultant level work, you’re paying them to keep your webserver up and running. That means if PHP, SQL, email and the like are working? Hey, your website sucking is actually not their problem. Now, most hosts are nice and will bail you out a little, but they won’t be coding your site, and surprisingly to many, if WordPress gets hacked, they won’t reinstall for you. There’s a line here. If your server is hacked, most hosts will fix it. If your webapp is hacked, often they will not. So some of your $300 a year may end up going to someone like Sucuri for a bail out ($89.99 a year? It’s worth it).

Finally you’re not paying them to have an opinion. This is weird to say, but I get a lot of emails at work asking me for my opinion on their site. “Does this look okay?” You know … I don’t know, and to a degree, I don’t care. You really don’t want my opinion on your penis appreciation website (not a joke), and that’s okay. You’re also not paying the host to make your design prettier. Again, not consultants.

But .. How do I know this is all right for me?

Entry level is barebones stuff. And that’s not bad, it’s just what it is. Be prepared for it, and one day you’ll outgrow it… but that’s another post. Entry level is right for you if you’re new, if you want to get started and play around, if you want to learn. It’s great for beginners, and unless you get that nastygram from your host telling you that you crashed the server (which yes, I have had happen to me), you’re fine on it for a long time!

Should you run your company’s entire business off shared hosting? No. This is the basics, and expect to run the basics on it, and little more.

17 September, 2013
MP6uccess – Tips and Tricks
Notice: Since WordPress 3.8 came out, you DO NOT need to install MP6 for anything to work. Promise. If you want the extra color schemes, use Admin Color Schemes, but everything else works in core WP.

I like MP6. It’s far, far, far easier for me to read the back end of WordPress with it. It has legible fonts, larger fonts, and best of all, it’s mobile friendly.

The biggest complaint has been that it’s too dark. And I get that, I really do. I personally have trouble seeing white on black (computers only), and white on green (yes, road signs). So for me, the black sidebar was a little heavy, but something I could live with. Then version 2.0 came out and behold, color schemes!

I immediately ran this update, zipped to my profile page (where I knew it had to be), and saw this:

The other options right now are Blue (looks like the old blue), Seaweed, Pixel, and Ectoplasm. Seaweed is my favorite, but I decided to make each site a little different and distinct, so I have Ectoplasm running right now on one site and Seaweed on the other. I can tell right away which is which. My only wish is the toolbar was colorized on both ends.

Tips & Tricks

Okay, okay, I’ll stop selling the plugin, and instead tell you what’s cool to do with it.

Styling Menu Items

The items on your menu sidebar default to some pretty boring icons. Bleah. For years we’ve always uploaded our own images to change things in our plugin and custom post types. Here’s an example for my own code for an old Custom Post Type, because I wanted a custom video icon to show up on my sidebar:
```
function cptname_post_type_css() {
   echo "<style type='text/css' media='screen'>
           #menu-posts-CPTNAME .wp-menu-image {
                background: url(/path/to/CPTNAME.png) no-repeat 6px -17px !important;
        }
           #menu-posts-CPTNAME:hover .wp-menu-image, #menu-posts-CPTNAME.wp-has-current-submenu .wp-menu-image {
                 background-position: 6px 7px!important;
        }
    </style>"
}
add_action( 'admin_head', 'cptname_post_type_css' );
```
Now that I’m using MP6, I have access to Dashicons, which already has a video icon included, so I can use this:
```
function cptname_post_type_css() {
   echo "<style type='text/css' media='screen'>
           .mp6 #adminmenu #menu-posts-CPTNAME .wp-menu-image:before {
                content: '\\f126';
            }
         </style>";
}
add_action('admin_head', 'cptname_post_type_css');
```
No need for a hover image, because this is a font and not an image, so the hover is automagically taken care of. The result is exactly what I wanted. It looked just like it was built into WordPress from day one, and my co-authors know right where they’re supposed to go to make a new video post.

There are a lot of options to nab from, and there’s a double edged sword to having some ‘standards’ built in. While it’s super easy for me to make a plugin or CPT use what I want, the same goes for other people. I imagine a lot of shopping cart plugins will want to use '\f174' (the shopping cart) if they don’t have their own. Also it means that to ‘match’ you’ll have to use Font Icons yourself, and they’re not super easy to make. Not that everyone worries about matching.

Force a Choice

Okay, what if you want to force a choice for everyone?
```
add_filter('get_user_option_admin_color', 'change_admin_color');
function change_admin_color($result) {
    return 'ectoplasm';
}
```
This is the same as it’s always been, actually. But now everyone gets to use purple and green, yay! Keep in mind, this is a hard force. Everyone uses this. There’s no changing. I have this on one site, since the ecotplasm color actually matched the theme. I set it, went away for the weekend, and found the users laughing and loving the perfect match.

Also check out…

I’m sure I’m not the first person do dig out these tricks for MP6. At WordCamp Chicago I remarked that a cool plugin would be “MP6SS” – it would let you pick four colors (similar to the blocks the current MP6 plugin offers), and you could make your own colors on the fly. A little dangerous, but the next option up from that would be a fork of the CSS plugin in Jetpack, which lets you totally customize your MP6 CSS 100%.

Here’s some links I’ve found to more MP6 fun:
Do you have any tricks? Post links to your code!
3 September, 2013