Migration complete… but where are the images?

Trello board tracking the migration of my websites
Trello board tracking the migration of my websites

For much of the last two weeks I’ve focussed on two things:

  1. Redesign my website (garethjmsaunders.co.uk)
  2. Migrate that site, this blog, my SEC digital calendar site, and the NYCGB alumni website to a new web host (SiteGround).

I’ve managed to complete the project three days early… well, kind of.

WordPress… we have a problem

One unforeseen snag has been to do with the media (images, PDFs, zip files, etc.) on this blog.

I’ve been using WordPress since version 0.7 in 2003. During that time I’ve been uploading image after image, and as WordPress changed the way that it stored images I’ve experimented with different ways of organising it—even simply uploading the images to my server via FTP. I must have tried about four or five different arrangements.

For the most part, though, I’ve been uploading files directly into /wp-content. Occasionally I’d switch on the “organise my uploads into month- and year-based folders” option.

In short the organisation of media on this blog has been a mess, and I’ve always shied away from addressing it because… well, it worked.

When I came to consider migrating this blog from Heart Internet to SiteGround I did think about the media: would it be a problem if I simply transferred everything over as is and sort it out there.

I was a fairly tight schedule (it had to be completed by 20 January so that my Heart Internet hosting account wasn’t renewed) and I reckoned that since it worked fine at Heart Internet then it should work at SiteGround.

I was wrong.

cPanel and the mystery of the 1,998 files

SiteGround uses cPanel. As Wikipedia explains, “cPanel is a Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site.”

cPanel uses Pure-FTPd, a free (BSD licence) FTP server which by default shows up to 2,000 files in each folder. I found that out after the event tucked away in the cPanel documentation.

I had 3,688 files plus 10 directories in my /wp-content folder and I couldn’t figure out why it would only display 1,998 files and the previously  visible directories, such as /plugins and /themes had disappeared.

So…

I am manually working my way through the media library. Uploading files into the appropriate /wp-content/uploads/<year>/<month> directories and updating the database to tell WordPress where the files are.

For those files that were uploaded before there was such a good media library I’m using the Add From Server plugin to quickly import media into the WordPress uploads manager.

This is going to take a while, so please bear with me.

Update

Monday 19 January 2015

I’m making good progress already. I’ve fixed 360/700 images in the media library. That’s 51%, just over the halfway mark.

I’m finding it strangely satisfying getting this sorted out. A bit of website gardening.

The cobbler’s shoes, pt. 2

Back in April I wrote a post called the cobbler’s shoes in which I made the poor excuse that I hadn’t redesigned my website for 11 years because I had been too busy building sites for other people.

We also had three children in that time who turned out to be somewhat time-consuming, and they didn’t simply auto-upgrade on a one-click four month roadmap like WordPress.

The plan

I concluded with the following (slightly amended) plan:

  • Move to a new host.
  • Standardise URLs, which will also mean that after 11 years on a sub-domain this blog will move to www.garethjmsaunders.co.uk/shed/. (See update below)
  • Mobile-friendly sub-sites.
  • Use a content management system or two.
  • Delete a lot of content.

Of course, if you were to visit garethjmsaunders.co.uk right now you might just notice the tiny detail that erm… in the last eight months I’ve not quite managed to do any of the above.

The truth is that I delayed my plans for two reasons:

  1. My web hosting with Heart Internet wasn’t going to expire until mid-January 2015, they don’t offer pro-rata refunds, and I didn’t fancy having to buy hosting twice in a year; and
  2. the little matter of me getting viral meningitis in July in which I lost my sight for a couple of months. It turns out that I often relied on my eyesight for building websites.

So, this is it. Over the next month I’m planning to go through with what I’d sketched out in April.

Everything must go…

One of the things that I realise that I’ve dithered about while planning this is the “delete a lot of content” bit. I’ve got a lot of content on my site that hasn’t been updated in a long, long time (sorry). Some of it is out of date, but a lot of it isn’t but currently it’s too much for me to migrate neatly.

A lot has changed in the lasts 11 years. I no longer use a Psion (although I do still rather enjoy people emailing me about them) and I haven’t written a line of code for one for the last decade. Sadly I haven’t played mahjong much (except on the computer) in the last six years, since writing a book on it and, oh, our oldest children have just turned six—do you see a connection? And nobody really needs to read my poetry from the mid-90s, or essays I wrote at theological college, do they?

So it’s all going. Except this blog, and a few other bits and pieces. Some of it may make a reappearance at some point in the future, in a different format, but for now I need to clear the decks and give myself the space to focus on the projects I want to pursue next year, which is mostly writing. And getting well.

I just want to take this opportunity to especially thank the Psion and mahjong communities for your support over the years. I’m sorry I’m bailing out at this point but my priorities are currently different.

See you on the other side, which will now be at www.garethjmsaunders.co.uk/shed/ rather than on the ‘blog’ subdomain.

Update

Thursday 8 January 2015

After much deliberation I have eventually decided to retain my www.garethjmsaunders.co.uk subdomain. For a number of reasons:

  1. I was never really happy with my blog moving to www.garethjmsaunders.co.uk/shed/. If anything I’d want www.garethjmsaunders.co.uk/blog/ but that’s not possible in WordPress multisite other than importing the blog into the root site, and I wasn’t happy with that because…
  2. I want to keep the designs of my website and my blog different.
  3. I realised that my website and my blog serve two very different purposes and therefore I wouldn’t necessary want to tie both to the same content management system.
  4. My blog has been on the ‘blog’ subdomain since 2004, according to the WayBack Machine. If I moved the blog from that subdomain it would adversely affect search results and existing links to my blog. (I could of course use an .htaccess file to redirect traffic, but… it just seems unnecessary.)
  5. I visited a couple of other sites today who had their blogs on a blog subdomain and I thought that looked cool.

And so there you have it, for now it is settled. This blog isn’t moving… except, of course, it is. Because I’m going to move it very shortly to another server.

See you on the other side…

The sunk cost fallacy in action

Man sitting on a pound sign submerged in water, surrounded by sharks.
Source: iStock

Earlier this year I started to plan a major redesign for my website garethjmsaunders.co.uk — most of it hasn’t had a redesign since about 2003; it’s still built around a table layout!

In the process of redesigning the site I learned a really important lesson that in the long run has saved me hours and hours of development. It’s to do with the sunk cost fallacy.

A bridge too far

I’ve completed plenty of site designs in both my personal and professional lives. This was going to be no different. I did some initial research, sketched out the layout and features that I’d like and then looked around for a suitable premium WordPress theme that I could use. I settled on Bridge by Qode, which cost me US $58 (approx. GBP £35).

Bridge seemed to offer the features and flexibility that I was looking for in a theme. But once I had downloaded and installed it on a test site on my local development server I discovered just how complex it was.

At the time it offered around 10 demonstration sites to help you get to grips with all the possible permutations. It now boasts 42 ready-to-use demos.

I spent a good two to three weeks just installing demo sites and trying to reconcile what I was learning hands-on with the documentation. And at the end of that period, to be honest, I really didn’t feel that I was anywhere closer to understanding how I might use the theme. Bridge is a hugely capable theme, however, it simply offered too much for my requirements.

But I felt that I had to persevere, I had spent both time and money on it, after all. Surely it had to get easier if I installed another demo site, and read the documentation just one more time, and… presumably spent another 2–3 weeks trying to understand the minutiae of this theme.

Sunk cost fallacy

It was at that point I realised that I was falling into the ‘sunk cost fallacy’.

In economics, a sunk cost is any cost that has already been paid and cannot now be recovered. So in this example, I had already bought the Bridge theme. I had spent £35 and wouldn’t be able to get a refund.

The fallacy that I was falling into was that I was making decisions about the future of my site based on past expenses. Or as You Are Not So Smart puts it

[y]our decisions are tainted by the emotional investments you accumulate, and the more you invest in something the harder it becomes to abandon it.

I felt that because I had spent money on something, even though I was finding it too complex and not entirely suitable for the purpose I’d bought it — despite all that — I still felt that I ought to persevere and try to make it fit my needs.

What a divvy!

Divi

Freed by my decision to simply let go of using Bridge for this project, I went shopping again.

When I’d been looking around for themes to start with, I had narrowed it down to two: Bridge and Divi by Elegant Themes. So I bought Divi (USD $89 per year / approx. GBP £55).

In the long run that mistake has cost me money, but the time that it has saved me is immeasurable (or rather, I haven’t actually measured it).

The theme does exactly what I need and in a fraction of the time. I find the theme’s interface really intuitive, and the restrictions it puts on me (by not trying to do everything in every possible way) challenges me to be more creative with what I’ve got. Too much choice is a bad thing, remember.

Conclusion

The sunk cost paradox is certainly something to bear in mind the next time you need to make a decision: don’t necessary let past costs (time or money) influence your decisions about the future.

Lifehack has an interesting article about how the sunk cost fallacy makes you act stupid.

Hacked (pt.3) or how to clean a compromised WordPress site

The word 'hacked' within ones and zeros.
Source: iStock (10623991)

This is the kind of post that I’ve thankfully not needed to post for over nine years. Today one of my WordPress sites got compromised.

It all began with an email this afternoon from AntiVirus a WordPress plugin that scans your theme templates for malicious code injections. The email read:

The daily antivirus scan of your blog suggests alarm.

I had to laugh at the phrase “suggests alarm”. But after I laughed, I accepted their suggestion and for a few moments felt alarm, before realising that panic was no use and besides, I knew what to do.

Two candidates

I’m still not 100% sure what caused the code injection but I currently suspect two potential sources of infection:

MailPoet

I may have been one of 50,000+ victims of the MailPoet vulnerability that was made public days before I went down with viral meningitis! I had that

As the MailPoet site states:

There was a security issue in all the versions of MailPoet lower to 2.6.8, this security issue was making your site highly vulnerable (blog post).

It can really only have been a plugin vulnerability as I have to manually unlock FTP access whenever I want to upload anything. So it had to be an ‘inside job’. And I had MailPoet (formerly WYSIJA) installed that account.

Outdated theme

Alternatively, it may have been a premium theme that I was using that had the Slider Revolution plugin embedded. This was reported to have a critical vulnerability last month.

I thought I had patched it…, but, perhaps with my meningitis-muddled head I didn’t do it properly.

How to clean an infected WordPress site

Whatever it was, it injected a bunch of obsfucated code into the top of all the PHP files on that site. A give away was that in the WordPress plugins screen all the plugins were disabled and reporting “the plugin does not have a valid header”.

If something similar happens to you, then you might find the following steps useful:

  1. Change passwords for:
    1. WordPress admin
    2. FTP
    3. MySQL database
  2. Backup all the files on the site. (That took ages!)
  3. Delete all WordPress core files including themes and plugins (Do not delete user-uploaded content, e.g. images, PDFs, etc.)
  4. Download clean installation of WordPress.
  5. Upload clean WordPress files (except wp-config-sample.php).
  6. Rename wp-config-sample.php to wp-config.php, update with database details and upload.
  7. Upload a clean version of your theme (remove themes that you are not using).
  8. Install and activate required plugins including antivirus and security plugins.
  9. Check other PHP files for compromise, not just WordPress files.

I found this post on the WordPress support site useful: I am getting hacked evry two weeks? Help please. There are some useful links listed on how to clean a WordPress installation.

The main lesson for me to learn from this episode is to make sure I never get viral meningitis again when there are two (or more) critical vulnerabilities in the wild!

Oh, yeah, and always keep your WordPress themes and plugins updated… and if in doubt just delete them before they can cause any problems.

Update

Sunday 19 October 2014

It looks like, based on this blog post from Sucuri WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability that the source of the infection was indeed MailPoet.

Windows 8.1… at last!

Start screen under Windows 8.1 (now with more tile sizes)
Start screen under Windows 8.1 (now with more tile sizes)

This afternoon—after having made sure that last night’s backup happened successfully—I upgraded my PC to Windows 8.1 Pro (64-bit). It had been running Windows 8 Pro (64-bit), so just a 0.1 upgrade! Unlike last year’s botched attempt, this time it was successful and took less than an hour.

Issues

Only three applications complained:

  • 8GadgetPack didn’t run until I’d installed the latest version.
  • Microsoft Windows Mobile Device Center 6.1 reported that it was incompatible. No problem: I’m not using a Windows Mobile phone now. I’ve uninstalled it.
  • SteelSeries Engine reported that it couldn’t initialize. I had suspected my SteelSeries Sensei mouse to be the main culprit in last year’s failed upgrade, so I wasn’t surprised. Downloading the latest version seems to have sorted this.

Tweaks

I’m still using two applications to tweak the Windows 8.1 experience:

  • Start8—Adds the classic start menu back to Windows 8/8.1.
  • Decor8—Personalizes the Windows 8/8.1 start and login screens.

Relief

What a relief to finally get it installed, and without any problems whatsoever. Dear Microsoft, I wish it had been this straight-forward seven months ago. But thank you.

I tweeted my progress through the upgrade: