Disable session cookies in Pods

Pods sessions can interfere with caching, but there is a config that can fix that.

We were having trouble on a site that has a lot of traffic, with PHP timing out, and the web server not recovering. It was odd, because the site doesn’t have very much interactive parts, and in mostly served from the cache… except it wasn’t being cached at all!

The site makes heavy use of Pods for custom post-types, and that is hardly an issue, but in this case Pods was setting a session ID via cookie, which of course meant each time a page is visited it is “new”, and bypasses the cache. Suddenly our high volume of traffic is hitting the database and rendering each page on every load, and honestly I was surprised it survived for as long as it had.

My research turned up two issues that were relevant: Replace all session and session_id usage #2237 and 2.4.3 prevents browser caching #2542.

#2237 refers to a change that could possibly fix this issue, but is ongoing. #2542 contains the fix, though I wasn’t able to track where it came from, as it wasn’t provided in the referenced conversation.

define('PODS_SESSION_AUTO_START', false);

Because I couldn’t source this seemingly undocumented config, I hopped on the Pods Slack instance, where Jim True and Bernhard Gronau verified that it was exactly for this use case. Pods has a feature I don’t use, wherein one can produce a front-end form to submit content directly into a Pods-created post-type, and the sessions are a security feature.

Turning off the sessions did the trick, and soon the site was being delivered from the cache.

Bonus tip

In discussing the Pods forms, I mentioned I used Gravity Forms, with the Gravity Forms + Custom Post Types plugin. They recommended Pods Gravity Forms Add-On. When I asked about the difference, they explained the Pods add-on can handle relationship fields. That is very cool! ^_^

WordPress 4.6 Beta 1 and feature freeze

New version of WordPress coming down the pipe, and two big features I am excited about: Font Natively and Shiny Updates.

Hey! WordPress 4.6 is cranking along, and a feature freeze and beta has dropped.

There are two big sub-projects in this release: Font Natively and Shiny Updates.

Font Natively reverses what I’ve always considered the mistake of linking to Google Fonts in the WordPress admin pages. One of my essential plugins has always been either Remove Google Fonts References or Disable Google Fonts, to remove those links. I am very happy this embarrassing mistake is being fixed.

Shiny Updates make the experience of updating themes, plugins and WordPress core a more enjoyable and straightforward process, in line with expectations for modern software. This is polish, follows WordPress’ principles of “designing for the majority, and striving for simplicity”. It will also make it a slightly better experience for those of us that run updates habitually (though I’ve largely moved to using Advanced Automatic Updates or WP-CLI myself).

This will be a fun update! Do you have any wish(list)s for future WordPress releases? I am always curious what folks are looking for. ^_^

WordPress Theme Review Team revising review process

WordPress is an amazing volunteer project, with real bodies working to keep the Theme and Plugin repositories online, as well as the support forums humming along. With so many users on the web using WordPress, it is a big job.

The Theme Review Team knows they are behind in reviewing new themes, and have a (action!) plan to reduce the queue. There is a revised workflow presented, as well as a plan to develop a theme check plugin on GitHub.

I am very grateful for this work to be done, and I’ve considered joining the theme review team myself. I’ve heard it is a good way to learn decent theme coding standards, and I intend to release a theme to the public repo (eventually, no timeline for that!).

If you are interested in theme development and how the WordPress infrastructure supports it, follow the Theme Review Team make blog. ^_^

Recommendations for WordPress hosting

The WordPress Web Hosting page has been updated (and not without its own drama). I’ve used all of the hosts on there, so I figured I would weigh in with my experience.

I want to note up front that I also do WordPress hosting, specifically for small businesses and larger orgs, and also some that would be categorized as “bloggers”, but they get a lot of traffic. I feel that the hosting page is for folks first coming to WordPress, or website hosting in general. If you want to talk about hosting for performance and building up traffic, get in touch. ^_^

First I will make my recommendation, and then I will describe each service.

For the best value, ease of use and access, go with DreamHost (but with caveats). If you build sites (front- or back-end) for other people and aren’t very interested in the hosting part, Flywheel is pretty good. Bluehost and SiteGround are meh, and you pay for what you get, which is not very much.

Highlights

Bluehost – Nothing stands out as particularly bad about this service, but the dashboard isn’t neither pleasant nor straightforward for a lot of the features you need to use when administering your site.

DreamHost – I’ve had a lot of issues with DreamHost over the years, but in the decade since I had stopped using them, they put a lot of effort in two areas that I work: cloud computing and WordPress hosting. Their dedicated WordPress hosting is a solid web stack, and if you need to host a site that will ramp up traffic quickly (such as a small business about to launch, or a community project), I recommend that. However, if you are just starting, and will be blogging or not updating your site often, I would opt for their shared hosting instead. They even have a one-click installer that makes it pretty easy to up and running in no time.

Flywheel – Flywheel has perhaps the prettiest dashboard of any hosts, but then they go after designers and front-end developers. I considered Flywheel for some of my managed sites, but their traffic calculations didn’t work for me (see my note below). However, for staging a site and working with others, they have some interesting tools, including a neat login/site alias alternative to standard SFTP. One hopes they don’t need to use SFTP, of course.

SiteGround – Very similar to Bluehost, except even uglier on the backend. It is just CPanel that look so awful, and despite this being my career choice, I’ve surprisingly had little need to use CPanel. But that means I know how limiting it is, and SiteGround’s services are very limiting. I was unable to fully vet their service because I got caught in customer support limbo, but that is a very important part of your hosting company. They consistently get good ratings from hosting directories, but my experience was pretty awful.

What to look for in a web hosting service?

Some WordPress hosting plans are hyper-focused on WordPress, and others are treat it as just another PHP app. And nearly all hosting companies will try to up/cross-sell you on their other services, such as domain registration and email hosting. Here are my opinionated thoughts regarding the details of your hosting plan.

Be wary of domain registration! Some places register domains in a particular way that makes it difficult to resolve an issue if one arises (such as the gawd-awful scenario that someone tries to social engineer one away from ya). This is compounded by the fact that most hosting companies will imply that they need to host your DNS records in order to host your website. I’ve never known a host that needed to host your DNS in order to host your site. Instead, pick a domain registrar with clear guidelines and a decent reputation. I recommend Gandi.

Most web hosting companies are not going to do email well. Why? Because email hosting is a full-time job, and requires a lot of methods and technologies that websites do not. But when a person is starting out, they don’t want to go to another company for email, so it is a natural fit for upsells or inclusion in a base service. You will be sad if you use the email from your web host. For people email (meaning you personally correspond with other humans) I recommend FastMail if you want your own domain, or ProtonMail if you want to be all secure and private. Statistically, you are probably using Gmail, and they have a paid tier for custom domains.

Security certificates are hot! You should have one as soon as possible, and your web host should provide an easy, clear way to set that up. Some certificates are paid, while others are provided for free by Let’s Encrypt. DreamHost does this, with the click of a checkbox! That is a big deal, and I am irritated that many hosts not only charge a fee per site, but also make it monthly. We should all endeavor to make web traffic secure, so either avoid hosts that charge monthly fees, or write to them about Let’s Encrypt.

Web hosting should be fun!

I know there is a lot of stuff to consider when hosting your WordPress site. I didn’t even get into caching and CDNs, or accessibility and responsive design. And each of the caveats I did bring up have many books written on each topic. But keep in mind that starting a blog or small site should be fun, and most hosts won’t get in the way of that. But if you have questions or doubts, drop me a line and we’ll see if we can’t make it a bit easier to get through. ^_^

Jetpack 4.0 fatal error

Jetpack plugin banner

If you use Jetpack by WordPress.com, make sure you skip the update for 4.0. It had a fatal error that crashed plenty of sites, and was fixed with 4.0.2 (see announcement post).

This is a bummer, because it reduces trust in the auto-updates WordPress can do. The perception that even a plugin from Automattic can’t get it right doesn’t help. However, Jetpack is a weird meta-plugin, which goes against the grain of how we’d prefer plugins to work. If you use Jetpack and want to discuss alternatives to the features you use, leave me a comment. ^_^

Theme colors: chocolate fluffy marshmallow bar

In lieu of a proper theme, I resort to color-matching candy bars.

Susan drew my attention to a chocolate fluffy marshmallow bar by Barú, and I thought, “those colors would look nice on a website!”

So I kinda color matched the bar wrapper, and updated this site’s theme. Before:

Screenshot of website colors from before
Colors were based on Solarized palette.

And after:

Screenshot of theme colors after
Colors based on candy wrapper from Barú.

I am working on a theme that I would eventually like to use on this site, so in the meantime I will be changing the default yearly theme that ships with WordPress.

Woman President Book site update

Beyoncé says eir fans should read What Will It Take to Make a Woman President?. We made it a nicer experience to learn about the book.

I wanted to title this post, “What Will It Take to Make a Woman President?“, but that is the title of the book by Marianne Schnall, and I am just writing about the book’s website, and it seems odd to use it…

wwit-banner

Anyhow, that is one of the sites I host for Seal Press. With the election it has been getting more press as we approach potentially the first woman president ( <- no idea how to capitalize that). Recently the book was recommended by Beyoncé, so we decided to move it to better hardware to keep up with interest.

When I looked at the theme it was using, while responsive, it hadn’t been touched in about three years and it didn’t land as well as I liked. So I created a new base child theme, and updated the markup to act a lot better on a variety of devices.

Additionally, it also incorporates a lot of infrastructure changes I’ve made since we launched it three years ago, including secure connections and static assets going over a CDN. Overall, the small refresh should match the progressive message of the book, and I hope those interested check out both. ^_^

solanin to slowpress

I am migrating an existing network, solanin, to the new slowpress network. It is gonna be sweet.

I have a blog hosting network called solanin, created primarily for my friends that needed a place to blog and not worry about the overhead of maintaining their own WordPress instance. It has been fun running it, and I am happy that my peeps have a place to call home on the web.

solanin will be closing, for two primary reasons. First, there were some lessons I’ve learned since setting it up, and I wish I had done some things differently. Some of the changes are technical, but most of them are on the administrative side of the “business”. I send out invoices, for instance. It hadn’t occurred to me how bad of an idea that was, but at the time there weren’t options like Stripe or other payment systems that I could easily tap into (please, someone, anyone, pay me with bitcoin!). I began dreading invoice time, which is quarterly for me, because while I have my larger projects and clients, the little invoices were a cognitive drain. I will get to how I solved that issue in a moment.

The second, and much more pressing issue, is that the hosting provider I’ve used for solanin has begun a downward spiral of bad service and worst customer support. I need to get my sites moved away with the quickness, and in the next few months I expect to have everyone migrated into the new network, on solid infrastructure that I am more involved with in the daily operations. I suppose a larger lesson for me has been how much my skill- and knowledge-set overlap with managed WordPress hosts; over the last year I’ve worked more to correct the issues of hosts than was worth the money I’ve paid them. Hmmm.

The new network is called slowpress. The name is a nod to the slow movement, as in web, food and money, among others. It isn’t a downgrade or “lite” version of anything I am doing now, and it certainly isn’t slow loading. Rather, it is a particular WordPress configuration that makes certain presumptions for things such as not tracking visitors and passing that information to corporate silos, or accessing the backend over a secure connection. Those are the technical bits, but I will also introduce it as a subscription, so folks can pay me monthly or annually and I won’t need to send the average of 14 notices a year to get a small amount of money from folks.

slowpress isn’t for everyone, but I have a hunch it is for most individuals. ^_^

I will be writing more about slowpress in the coming months, so be on the lookout for that. If you are a current solanin hoster and have questions, let me know at maiki@interi.org, or leave a comment.


That image is from the graphic novel Solanin by Inio Asano. I named the network after it, because that book touched me, and that specific image shows the spirit of the network. If you are near me, you can borrow my copy. The more you know!

Phabricator

I heard about Phabricator from Greg, in reference to the WMF collapsing a bunch of other tools into this one omni-developer app. I’ve been struggling to figure out what I am doing with my repo hosting, so it was neat to hear a large org moving to something that is free software and self-hosted.

I’ve spent about a week with it, and I’ve been up and down, most so than with any other software I’ve ever used. I didn’t quite understand why I was hung on this software so much, but for the last few days it has been all I can think about. I am starting to break it down, now.

First thing: I wish I had found Phabricator when I was first starting out, maybe back in the cog motive days. It does a lot of stuff really great, and outside of an org that does shared development, it has some great features for single freelancers, like the simple interface for creating and signing contracts.

It bums me out that it doesn’t hit all my needs, but it did make me reassess what my needs were. The git hosting doesn’t come close to Gitorious or GitLab, but those are specialized apps, and they only have light issue-tracking on top of it. I am actually quite fond of the tasks in Phabricator, but tracking issues around code outside the repo is not what I’m looking for.

Basically, I want Phabricator to scale! I want big, huge, public instances of it, but that isn’t the tool they made, though it can organize large groups of folks. I think it is the perfect tool for WMF, which will have a relatively narrow focus. I want a single todo list, and I won’t be able to get it from Phabricator.

However, my own personal work is taking me in interesting directions lately, where I am focusing on fewer clients, but larger projects. I can already think of 2.5 new instances that I should be running, and they do not overlap. And for other projects, I think I have some WordPress plugins that make more sense, since they are less technical in detail, and allow for a conversation to develop with folks that may not want an account to a complete organization system.

Oakland Police Beat

Oakland Police Beat

Oakland Police Beat has launched. Susan Mernit explains what the site is about. You should go poke around, see what it is all about. ^_^

It is a WordPress site, and the data is stored in custom post types and taxonomies. All the software that composes the site is free and open source (and I will be providing a writeup of all the great projects we used soon). Bernard is interesting.

Susan Magnolia created the logo, visually showing OPB as an extension of the Oakland Local family.