Strong opinions, weakly held

Tag: WordPress

Be extremely careful with free WordPress themes

I recently built a business Web site for a friend using WordPress and was shocked at how easy it was to create something really good, really quickly. I used a commercial theme and a few popular plugins and wound up with something really nice that looked professional and didn’t look at all like a blog. I didn’t consider using free themes at all, and it looks like that was the right idea.

Siobhan Ambrose took a survey of some sites are highly ranked in searches for free WordPress themes and found that of the top 10 sites, the only one that you could trust was the themes pages on the official WordPress site. The piece is very well reported and also provides a ton of useful information on how to ferret out malicious code in WordPress themes and plugins. Her article is titled, appropriately enough, Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else.

More on speeding up WordPress

After my run-in with excessive traffic a few weeks ago, I’ve become interested in optimizing WordPress performance. ZippyKid has some tips on speeding things up without using WordPress plugins.

The only thing I did from his list was turn on the MySQL query cache — it made a big difference.

How to speed up WordPress in an emergency

Over the past two days I’ve been linked to by Daring Fireball and BoingBoing. I’m running WordPress on a virtual server from SliceHost with 512 megs of RAM. Because I’m an incompetent systems administrator and just run everything with the defaults, the server did not react well to the additional traffic. Here’s a list of the things I did to whip the server into shape.

The first problem was that the load average on the server was spiking and it was becoming non-responsive. Even logging into the server via SSH took minutes, and Web pages weren’t really loading at all. WordPress was not using the database efficiently and the database load was killing the server. I attacked this problem by taking advantage of caching.

I discovered that query caching was not properly enabled in MySQL. The cache was enabled, but the cache size was set to zero, so nothing was being cached. After tweaking things a bit, I wound up giving MySQL a 10 megabyte cache. (You can read about setting up the MySQL cache in this article.) Since my server often runs into RAM problems, I didn’t want to allocate too much RAM to a new feature.

I also set up WordPress to use caching as well, using the DB Cache Reloaded plugin. I like it a bit better than plugins that cache entire pages like WP Super Cache. Those plugins are probably worth it for really big sites that get millions of hits a day, but my traffic is relatively low most of the time, so my goal is just to make sure it doesn’t blow up entirely when traffic spikes. DB Cache Reloaded does the job.

That made things work, mostly. However, I also ran into problems with MySQL going away. In those cases, WordPress just generates a page saying it can’t connect to the database. I’ve seen that happen during traffic spikes before, and I’m still not sure what causes it. My guess is that it’s because of some kind of lock contention issue. WordPress uses MyISAM tables, which don’t support row level locking. I may switch them over to InnoDB over the holiday. I had to log in and restart MySQL a couple of times over the past 24 hours, but it hasn’t happened again yet today.

Once I stopped overtaxing the database, things started slowing down because Apache was spawning so many processes that it used all of the memory on the server. Basically, when Apache spawns more than 50 processes, the server starts getting low on memory, which slows things down, which causes Apache to take longer to serve requests, which causes even more processes to be spawned as incoming requests pile up until the server grinds to a stop. I looked at my Apache configuration and saw that it was allowed to spawn as many as 150 processes. Given that they consume about 25 megabytes of memory each, this did not work well with my puny server. Cranking the MaxClients setting down to 25 did the trick here.

When I changed that setting, I also lowered the KeepAliveTimeout setting to 5 seconds. When KeepAlive is enabled, the server allows the browser to submit multiple requests over the same connection if it asks to do so. When a browser opens a persistent connection, it maintains its claim on the process that is serving its requests until the browser closes the connection or the timeout duration is exceeded. Because I lowered the number of processes, I lowered the timeout so that ill-behaving browsers don’t block other people from connecting if they’re not actually going to request more content.

Things are working better right now, and I’d be much happier if I knew what was causing the intermittent failures I am seeing with MySQL.

I should also probably do a better job of monitoring the server. The only diagnostic tool I used throughout the process was “top” and reloading the home page to see if the server was responsive.

Links for September 7

  • John Gruber: Regarding WordPress and Security. I think the number of people who should be running and maintaining their own content management system keeps getting smaller. The hosted blog tools are really good, and keeping everything running properly really is a pain.
  • Nate Silver: A Trigger — With Teeth? A trigger clause for the public option could be a good idea if the trigger is likely to kick in without real changes on the part of private insurers and if the public option is robust.
  • Chris Dixon: Is now a good time to start a company? The economy is not great, but I still don’t see a lot of good programmers out looking for jobs.

Links for September 5

XSS and WordPress Themes

Dave Smith just emailed to let me know that the theme I’m using is vulnerable to a cross-site scripting attack. He’s detailed the fix here, which I’ve applied. If you’re using depo-skinny, you’ll want to fix it as well.

Improving my blogging workflow

As I’m sure you already know, I’ve created the rc3dotorg Twitter account so that I can let people on Twitter know when I’ve published something. One unfortunate side effect has been that it has complicated my workflow when I write new posts.

Normally I just compose the post in MarsEdit and hit the publish button. I’m sure the process could be greatly simplified, but for two things that complicate the process. The first is that I like to use short URLs that I furnish myself, and the second is that I like to compose the tweets by hand.

I publish this blog using WordPress, and I use the le petite url plugin to create short links. Most of the time I publish updates to Twitter using Tweetie.

So here’s my workflow these days:

  1. Compose a post in MarsEdit and publish it.
  2. Go to the WordPress application on the server and navigate to the new post so I can copy the short link.
  3. Open my Twitter client and write a new tweet, then publish that.

The main inconvenience is opening WordPress in the browser once I’ve already gone to the trouble to write the post somewhere else. What I need is a tool that will allow me to access the internally generated short URL and compose a Tweet from MarsEdit that can be published whenever the blog post itself is published.

It’s looking like I’m going to need to write my own WordPress plugin to do exactly what I want. There are a ton of Twitter plugins, I think I’ll just have to find the right one and adapt it to my needs.

More later.

Links for April 8

Links for March 12th

  • Jon Udell interviews Ward Cunningham about how the Eclipse portal exposes its innter workings by way of reports on test results, and the advantages the resulting transparency provides. Really, really interesting stuff.
  • Bruce Schneier discusses a report on the lack of security in implantable medical devices that provide remote access.
  • Wired Compiler links to Prism, a Firefox add-on that makes it easy to treat Web sites like standalone desktop applications. It provides a lightweight approach to creating apps like Mailplane.
  • The Morning News: Six-Word Reviews of 763 SXSW MP3s by Paul Ford. This is insane, and I mean that in the best possible way.
  • Postalicious is the WordPress plugin I used to produce this post.

WordPress, for now

Today I reluctantly migrated the blog from Movable Type to WordPress. There are many things I like about Movable Type, especially in version 4.0, but for whatever reason it was very slow and seemed to keep getting slower. I installed FastCGI but wasn’t sure if it ever worked, made sure the database was properly indexed and that it wasn’t slowing things down, and tried to tweak other things where I could. Eventually I decided that I was tired of dealing with slow performance, and didn’t have the energy to take the debugging to the next level.

Anyway, it was relatively easy to move my content into WordPress, so I took the plunge. Right now I’m using a slightly modified version of the Cutline theme, but I expect to make it more my own soon enough.

Getting the old links to blog posts to work was somewhat difficult. When I migrated my posts from Movable Type to WordPress, neither the ID numbers nor the Movable Type basenames made it into the WordPress database. My Movable Type permalinks were based on the basename. I hacked the 404 page in my theme to look up the posts in the Movable Type database by basename, and then use the post title to look up the post in the WordPress database and redirect to the appropriate page. There will be problems with the really old untitled posts, and with any posts that have the same title, but the approach works well enough for now.

I also had to install FeedBurner FeedSmith and PHP Markdown to get things working. Markdown does still work in comments. I’ve also installed WP-OpenID, so you can sign in using your OpenID to comment.

Sadly all of the tags on my posts failed to make it over in the migration. I doubt I’ll go back and tag old posts.

I’m sure there are dozens of other problems that I haven’t found yet, but I’ll iron them out over time. If you see anything obviously broken, please leave a comment and I’ll try to get it fixed.

© 2018 rc3.org

Theme by Anders NorenUp ↑