2010 April | Blog Design Studio

Part 1 : How to setup Cloud Servers for blog optimisation

21 Apr, 2010 | mayank

WordPress has been considered as a memory hog and I can agree to that as I’ve faced the issues in the past as well. If you don’t use plug-ins like WP Super Cache or W3 Total Cache, you’d get an email from your shared hosting provider to upgrade the hosting plan pretty soon. As traffic increases you’d have to change the hosting plan and then the question will arise, to go for managed hosting or unmanaged hosting?

Personally I like things under my control where I can change just about anything as that way I don’t have to depend on anyone and things get done much faster as compared to a situation, where I’d have to call the tech support hoping that the support guy will help me in finishing the task and I’d get less than satisfactory answer. Anyway, to cut the story short, I got an email from my fantastic web hosting company i.e. WPWebHost, however as I was looking for cloud based hosting [I definitely like buzz words], I thought that I would rather go for Rackspace Cloud Servers as I get more control over things. Here are few things that you’d have to keep in mind, if you are interested in going for Cloud Servers -

You do get the complete control of the server but that also means that you have to setup everything from the scratch! You just get a server with a vanilla linux installation and that you’d have to install and configure – web server, database server, take care of the security issues and just about everything that you can imagine! So if you are weak heart then you should not read this guide and instead you should carry on your research for other hosting plans that offer managed servers.
However, More control over server means that you’d be able to have to have a much faster running site and that also means that you will get better rankings in Google!

One of the main purpose for getting the cloud server was that I wanted to run WordPress on Nginx, a much better and light alternative to Apache web server and wanted to play around with HipHop for PHP, pure innovation from Facebook! Here’s what HipHop for PHP is all about [I'm still working on this part and will be sharing my experiences in upcoming posts]-

HipHop transforms your PHP source code into highly optimized C++ and then compiles it with g++ to build binary files. You keep coding in simpler PHP, then HipHop executes your source code in a semantically equivalent manner and sacrifices some rarely used features – such as eval() – in exchange for improved performance.

And now lets find out that how can we setup an optimized web server that would handle lots of traffic with minimum amount of resources that would make your blog load faster as well.

Setting up Linux server from scratch!

Note 1- In this case we are using CentOS 5.3 and all the commands will be mentioned step wise, so you can simply copy and paste them one by one and you should be good to go, I will give explanation of all the steps as we go along -

Note 2 - If you are new to these things, then make sure that you should go through this guide properly and should not skip anything.

1. Setting up basic security

When you get a fresh installed Linux box that you want to use as a web server, it can be vulnerable to various attacks and in order to avoid them we will setup basic security settings that a linux web server should have and for that you should connect to your linux server through SSH [ssh root@YOUR SERVER IP ADDRESS] and then run the following commands -

passwd [First time you login as Root and we must change the password of the root. Here's a guide for keeping secure password.]
adduser wordpress
passwd wordpress
usermod -a -G wheel wordpress
visudo [for newbies - vi is a text editor and here are the commands that will help you operate it.]
Find # %wheel ALL=(ALL) ALL and remove # from it.

These commands will basically setup a new user called “wordpress” in the Wheel group and will ensure that the user will be able to gain the root privileges at required times. If you want to use a different username then simply replace “wordpress” with your desired name.

Now we’d configure SSH to disable the root access and change the port to ensure that no hacker will be able to easily access the server. For that fun the following commands -

nano /etc/ssh/sshd_config

And you need to ensure that the following settings should be in the whole file. Nano is also a text editor and it displays the most basic and useful commands at the bottom so you won’t need to go through a guide. I definitely like it more than vi. Anyhow, here are the settings that you need to keep in SSH’s configuration file -

Port 30000 <— change to a port of your choosing
Protocol 2
PermitRootLogin no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers wordpress <——- of course, this will be the username that you chose in the first steps.

Once we are done with the SSH configuration, we’d make changes in the IP Tables which is like the firewall settings to only allow certain ports that would be open. Run the following commands to ensure that IP Table settings are as per the way we desire -

iptables -L <—- this will show the current IP Table configuration. Just copy and paste it in a text file.
iptables -F <– this flushes the existing IP table rules. The following commands set desired new rules.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW –dport 30000 -j ACCEPT <— this should be the port that you selected in last settings.
iptables -A INPUT -p icmp -m icmp –icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
service iptables save
/etc/init.d/sshd reload <— this will reload the new settings.

Now open a new tab of Terminal (Mac Users)/Putty (Windows Users) and try to connect to the server using the new settings that we’ve put all this while. If it connects then everything is fine, else go back to the previous tab, flush the settings again and try the above commands again.

ssh -p 30000 wordpress@Your Server’s IP Address

2. More CentOS configuration and setting development tools

In this section we’d configure CentOS to use external repositories, so that installation of various tools becomes easier and that in case you want to install any software then it should be able to find the dependencies without much issues. One of the most known repository other than default one is RPMFORGE and we need to configure our server for that. Please follow this article to install RPMFORGE. Once we are done with that, we will run the following commands -

sudo yum update
sudo yum groupinstall ‘Development Tools’ ‘Development Libraries’

This will update the YUM and will install most of the development tools and its libraries that you’d need in future. I hope that most of you would not find problems till this point of time as these are some simple steps, however things will start getting a little complicated when we’ll start installing Nginx, WordPress, MySQL, caching systems configuring them for optimum results. So gear up for the fun and awesome challenge that we’ll experience in forthcoming posts.

1 Comment / Add yours

WordPress 3.0 – The Ultimate One!

9 Apr, 2010 | mayank

Topics: Wordpress Customization

Nearly a month is left before long awaited and much talked about WordPress 3.0 comes out. However, we are seeing a flurry posts on WordPress 3.0. Most of the bloggers are writing about this upcoming master piece, so I thought that I should write something about WordPress 3.0 too as Beta 1 has already been released. There are lot of new features in this release and I thought a small walkthrough won’t be bad!

Video for the Lazy Fellows!

Highlight Features of WordPress 3.0

New menu management feature – This feature will let users to build custom menus with ease. This feature was released as a plugin by WooThemes guys for their own framework, however after Automattic approached them, they allowed them to integrate this feature in WordPress 3.0. Isn’t that generous?
Improved custom post types, custom taxonomies including hierarchical support – As WordPress becomes the top choice in CMSes, it is getting lot of features that are focused towards easier and better management of content. Custom Post types and custom taxonomies will make things easier for WordPress consultants to customize the websites easily. Learn more about Custom Post Types in WordPress 3.0 over here.
Focus on Themes – New theme “Twenty Ten” will be the only default theme in WordPress. Kubrick & Classic themes will be removed although they’ll be available in the WordPress themes extend. Other than the shuffle of the themes, coders can also rejoice as they’ll get improved child theme support and a feature where bloggers and web admins will be able to update all the themes in one go. We
Standalone WordPress and WPMU code merged – So if you want multiple blogs on a single WordPress installation then it surely won’t be problem. You can configure WordPress 3.0 to host multiple blogs as sub-directory or sub-domain. If you are interested in using multiple domains on single WordPress installation then don’t forget to check out Domain Mapping Plugin by Donncha, lead WPMU developer. There is much more comprehensive guide on how to create blog network with WordPress 3.0 over here.

I’m sure now you’ll be convinced that you’d want to upgrade to WordPress 3.0 right away, however it won’t be available till next month i.e. May 2010. Although there are few other things that have changed in WordPress 3.0 and lets have a look at them -

Other Important Features in WordPress 3.0

1. Choose username & password at installation – As we have already discussed that keeping “admin” as the username is not cool but it makes life easier for hackers. To avoid this, WordPress 3.0 will let you choose your desired username during installation itself! Thanks WP Cookies for the image.

2. Custom Backgrounds made easy – WordPress 3.0 will support custom background for themes. By adding only 1 line of code in functions.php of the theme, users will be able to change the background of the blog with lot of ease! This means that any user will be able to literally change the look of their blog in couple of clicks.

3. Introducing Super Admin – Till now, “Administrator” role was the top user and it was able to do all the tasks. However, now there is a new user role i.e. “Super Administrator”. This new user role will be able to manage everything from individual blog features to multi-site features.

Well, there are hell lot of new additions or changes that anyone would love to list in a blog post, however its practically impossible to do so. Some are even way too difficult to explain – however those who are interested in the nitty gritty of the development can head over here and check out the current development process.

I must say that I’m UBER EXCITED about the release of WordPress 3.0. One of the key reason is that WordPress 3.0 will help theme & plugin developers a lot. Its shaping up as a mature CMS and it certainly helps us in faster development. You won’t believe, I literally wish every day that it gets released ASAP! What are your thoughts about WordPress 3.0? Will it be able to compete with Drupal anytime in near future?

5 Comments / Add yours

How to have VaultPress like protection for your WordPress blog

5 Apr, 2010 | mayank

Topics: Wordpress Plugins

From last couple of weeks, I’ve been trying to ensure that how WordPress can be secured enough to avoid any kind of malware attack. In the course, I found lot of new information about securing web applications and realized that how small and little settings can make and break things. While my struggle to know more about security was going on, I came across the launch post of VaultPress, a blog backup and protection service from Automattic.

Please note that the service has been announced in beta and is available for only few users. One can apply for the invite over here. It’ll be a premium service and while signing up you can also mention that how much are you comfortable in paying for this kind of a service. If I were to decide the price, I would keep it around $10/month. I’ve not tested the service myself, however we could gather all the information about VaultPress from the coverage it has received from the biggies like TechCrunch, ReadWriteWeb, Silicon Alley Insider, VaultPress blog and finally my favorite WordPress Tavern.

Features of VaultPress

1. Focused on WordPress.org users – WordPress.com is one of the most powerful and secure blog services around. However, same can’t be said for the users who use self hosted WordPress version on their own servers. There have been many horror stories in the past where many self hosted WordPress installs got infected from malware and much hoopla was created. VaultPress has been designed to work with self hosted WordPress to ensure that they can also get the quality backup and security service to avoid any mishap.

2. Real Time & Complete Backups – VaultPress is an all-in-one backup package. It will backup posts, categories, tags and rest of the data along with themes, files etc. Jeff @ WordPress Tavern reckons that VaultPress will face stiff competition from Backupify, BackupBuddy and other backup plugins. According to Matt, founder of WordPress, VaultPress will be able to make the backup instantly as soon as one would publish the changes on the blog or website.

3. Safeguards against Zero-Day Attacks – This is one feature that I would be most interested in as this is one feature that no one else is offering. VaultPress will be able to safeguard your blog against the Zero-Day Attacks focused towards WordPress. It will also monitor your site to alert you against any suspicious or hacking activity.

Well, keeping these features in mind. We can install few plugins that can help us achieve similar level of protection and that too free of cost. We just need to ensure that we configure the plugins in the right manner. Here’s the guide …

Get VaultPress Security Features Before Hand!

1. Automatic WordPress Backup – This little plugin saves all the important files including themes, plugins and database on Amazon S3. The plugin allows you to schedule the backup of the database or just files or if you want you can ask for the complete backup as well. The plugin will send you the confirmation messages over the email, so you will constantly be aware of the happenings. Amazon S3 can be used as a backup service for your blog’s important files and believe me in most of the cases this will not cost you more than $5/month. Only in case of large publishers this cost can be more than $15/month i.e. the indicative price of VaultPress. By the way, Amazon S3 can help you in improving the site load time as well, don’t forget to check our guide on how to optimize the WordPress blogs.

2. WordPress Firewall – This nifty plugin monitors changes in the files, attacks based on various Zero-day patterns. Of course, this is not the ultimate solution however, our experience has been pretty neat with this plugin. It did alert me whenever I tried to make any change in the theme files or plugin files. It didn’t allow the change until and unless I approved the change. Make sure that if you are planning to install this, then you may get lot of notifications. So keep the settings appropriate or use GMail filters for ease!

3. OSSEC – OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. Of course, this is something which will not be as easy as installing WordPress plugins, however investing a little time on this can ensure that you’ll have real peace of mind in future!! There is enough documentation available for avoiding initial hiccups!

Of course, the first two plugins won’t ensure that you are getting instant and real time backups. However, a regular and weekly backup will ensure that you’ll be able to bring your blog back from a situation where nothing will look nice in the world. I hope you understand the point that i’m trying to make here! If you install OSSEC then I’m sure one could easily compare this setup with something that VaultPress will offer in future!

Isn’t it neat that you can enjoy the VaultPress like features even before you can get a hand on it or if VaultPress looks out of budget!

The success of VaultPress will depend on the following factors; 1) what will be the cost involved for end users and 2) how effective its monitoring system will be. I’m sure the takers of this service will be much more than any other similar service as it directly comes out from the makers of WordPress. However, personally I’ll be willing to test other services if they offer similar features at a competitive price. What are your initial thoughts on VaultPress.

4 Comments / Add yours

Blog Design Studio