Monthly Archives: April 2015

10 Years Using WordPress

Posted by in General

Ten years ago, this blog was created. Sure, I had written a few posts on another platform. However, it was ten years ago that I made my first post within WordPress (version 1.5 at the time). JD had just setup a WordPress install for me on Weblogs.us, and the post was a simple “This is my new blog” type post (no longer available).

Since then, I adopted and rewrote a plugin that is now approaching 2 Million downloads and an estimated 300k active users. By no means was this my first plugin, and it is not the last one I will create (something new will be arriving late this summer). While I had been playing with (x)HTML and CSS for years before WordPress even existed, I learned PHP through extending WordPress—some purists may cringe at the thought, but that is not my problem.

Additionally, I have had the opportunity to be a server administrator for Weblogs.us, starting back when we still ran Apache on Windows. Since that time, we’ve moved to Gentoo/Funtoo Linux VM guests on top of the hardware. And, in late May, we will begin migrating select Weblogs.us users to new Nginx+PHP-FPM setup running on top of some new hardware.

Lastly, I’ve attended 6 WordCamps, and have presented at 5 of them on 6 different topics in 8 sessions. This includes all 3 times WordCamp Minneapolis has been held, thus far. This year, I plan on attending more WordCamps than I’ve been able to in the past (really want to get to Austin and out to the West Coast). Not only are they a great excuse to see new cities, they are a great place to meet members of the WordPress community in person.

-John Havlik

[end of transmission, stay tuned]

I’m Speaking at WordCamp Minneapolis 2015

Posted by in Announcements

My presentation titled “Writing (more) Secure Plugins” was accepted into developer’s track for WordCamp Minneapolis 2015. This presentation aims to enlighten WordPress plugin developers of common attacks and preventative measures that should be taken within any WordPress plugin.

Topics covered include: Plugin security best practices, data sanitization (and validation), action authorization, and permissions. As always, this is a non-exhaustive list of the topics I’ll cover but it should give a feel for what I’ll be talking about.

-John Havlik

[end of transmission, stay tuned]

TLS, HTTPS, Weblogs.us and the Generation 4 Layout

Posted by in Weblogs.us

One thing I have not talked about in a while is Weblogs.us. Currently, we are busy designing and deploying what I am calling the Generation 4 Layout. This new layout includes a migration to Nginx, PHP5.5 and a few other goodies that will make things faster for everyone.

A big benefit for this new layout is it will be easier for us to support HTTPS on end user sites. Now that Google is pushing everyone to this, we’re going to be ready. Since we have a limited number of IP addresses available to us, we will be using Server Name Indication extensions to TLS to do this. Additionally, as of now, only users with their own domain names who purchase a TLS/SSL certificate will be supported. At the moment, we are not planning to purchase a wildcard TLS/SSL certificate to cover all subdomain users.

Deployment Timeline

Currently, we are in the process identifying candidate sites to migrate to the Generation 4 Layout as part of a test roll out. Initial deployment is slated for mid May. Starting in mid July, we will start general deployment of the new layout. The plan is to decommission the old virtual machines holding the Generation 3 Layout by the end of 2015.

-John Havlik

[end of transmission, stay tuned]

Tagged: ,
Updated: