Blogging warm up – Setting up a blog

There are many possible ways to start blogging, and a simple web search will show you many “in-few-clicks” offerings from many providers of blogging platforms. However, if there is a little hacker devil standing on your shoulder trying to convince you to do it yourself and you happen to follow him, you may find this post useful, as I am going to document what My Way looked like.

Arm yourself with patience, you will need it. The list of things to do happened to be much longer than I initially expected. Installing and configuring software is not always a predictable process, so you are likely to spend quite some time on Stack Overflow or elsewhere trying to find solutions for your small problems along the way.

Buy a domain

The first thing you’ll need is to buy that string standing to the left of “.com”, “.net”, “.io” or something of that sort. Hmmm, but who to buy it from? There are many options, but I decided to go for one of the biggest ones: GoDaddy. They are likely to greet you with pop-up ads offering you things you don’t need, but it is still easy to ignore them and do what you came for: select an available domain, buy it and set up DNS name servers (depending on the next point).

Rent a server

You will need some hardware to run your blog on. Pick your favorite cloud provider. My choice was a small Digital Ocean droplet (their term for a server). They can provision a droplet for you in less than a minute and give you root ssh access to it (of course only after you sort out the billing matter). They provide a nice management and monitoring console too. To link the domain to this server, you need to set Digital Ocean’s name servers (ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com) on the GoDaddy setup page for the domain. Furthermore, you need to set up a DNS record for this domain in Digital Ocean and set at least an A resource record (enables direct DNS lookup) to point to the droplet’s IP address. It is also wise to name the droplet after the full domain name, as that creates a PTR resource record (enables reverse DNS lookup).

Setting up a server

During server provisioning Digital Ocean also installs the operating system of your choice (e.g. Debian). Before doing anything else on the server, it is a good idea to strengthen the security a bit. Googling “First 10 minutes on a server” will give you many ideas on what to do in order to improve the security of a base Linux installation.

Installing and Configuring WordPress

WordPress is the most used and lightweight CMS (Content Management System) platform for blogs and smaller sites. Joomla and Drupal are more feature rich, but for a simple blog WordPress can meet all your needs. The community is active and there are many plugins fulfilling most of your potential needs. WordPress.org (don’t confuse it with WordPress.com, which is the commercial hosted option) offers the open source version which you can install on premise. They provide quite good documentation and tutorials on how to install and configure the WordPress software together with the necessary dependencies (MySQL, Apache/Nginx). The LAMP (Linux, Apache, MySQL and PHP) stack serves as a good base for installing WordPress.

Once LAMP stack and WordPress are installed you should be able, for the first time, to see your site online and access WordPress management console which is later used as the main point for writing and publishing your posts as well as doing all necessary setups and installing plugins.

It is important to understand the WordPress installation. It stores data in a database and on the filesystem.

  • Database is the home for blog posts and pages
  • File System is the home for everything else including
    • WordPress core files
    • Theme files
    • Plugins
    • Media files
    • etc.

As we will later see, both database and filesystem data should be subject to backup.

Pick and Customize WordPress theme

The initial out-of-the-box look and feel may not be what you really want your site to look like. Fortunately there are many themes you can install to change the look and feel. I thought that a simple theme like Carrington Theme would be a good fit for this blog. So, I went for it.

However, in order to customize the look and feel further, you need to get into the theme files and do some small coding here and there. All of these theme files are under the sub-directory wp-content/themes inside the main WordPress directory. At this point it is important to understand how WordPress themes are organized and how they are rendered. Again, this is a good point to read one of the numerous tutorials online. Essentially the main files are:

  • header.php
    • specifies the header of the website
  • sidebar.php
    • specifies the sidebar on the right side of each page
  • footer.php
    • specifies the footer of the website
  • page.php
    • controls the rendering of pages
  • post.php
    • controls the rendering of blog posts
  • loop-default.php
    • controls how individual blog posts are shown (for example: title, author, date, comments)

By customizing these files, the look and feel started looking more like what I wanted.

About/Contact page

It is a good idea to add an About page to tell readers who you are and how you can be contacted.

Disclaimer

In case you are employed, it is a good idea to contact the HR department and ask whether there is a blog policy. Normally, as long as you don’t write something which could embarrass your employer, it is accepted and even encouraged to write a blog. Just to be on the safe side, make sure you get the green light from HR and inform your manager. In addition to that, it could be a good idea to add a disclaimer somewhere on your site (About page or footer, as in my case) saying that opinions are your own.

Commenting system

To make your blog interactive you should install a commenting system. There is one that comes as a part of WordPress but, in my opinion, it is too simple and it would require you to manage users on your own. In case you are just starting blogging, this could turn potential readers away from commenting. On the other hand, many bloggers integrate the Disqus commenting system. Also, many people already have an account with Disqus and can use it to post comments on blogs which integrate with Disqus. The Disqus widget integrates well with any theme and is quite lightweight. In addition, it offers logging in through other identity providers like Facebook, Twitter and Google. I can recommend it.

Backup

It didn’t take me long to get reminded of the value of backup. During installation I somehow happened to screw up my WordPress installation. I was lucky enough that this happened after I took the backup so that damage wasn’t high. I didn’t have to start all over again and could recover almost all from the backup.

There are many plugins for backup and my choice was UpdraftPlus. In case you want to synchronize your backup to the cloud, I can suggest integrating UpdraftPlus with Google Drive. It gives you a free and reliable option. For example, I have scheduled weekly backups, and each Friday (and every time I trigger it manually) 5 files land in one of my Google Drive directories. Those 5 files capture snapshots of: database, plugins, themes, uploads and others. This is what a WordPress instance consists of. This plugin also offers a restore function.

Analytics

In case you would like to analyze the traffic to your blog, you need to integrate with some web analytics service (or maybe install some web analytics plugin). Google Analytics is a giant in this space and it offers quite a good service. It is easy to integrate and it gives really good insight into your blog visits. You can slice and dice across many dimensions in order to get a better understanding of your readers and how they end up on your blog.

Mail server

As you have your domain, you may wish to have your personal email for that domain too. There are many reasons not to do it yourself, but if that little hacker devil is still whispering in your ear you may check my separate blog post (to come…)

Mail campaigns

Many say it is important to start building an email list of your readers from the beginning.

But how do you do it? Emailing is not that simple. You should take basic security measures, ask subscribers to validate their email, and give them an easy way to unsubscribe if they wish.

MailChimp (another big player is SendGrid) is a popular service which specializes in this area. It is free for the first 2000 emails, which should be more than enough to start with. It offers email signup forms which can be embedded into your blog. By following the link from the form, the user fills in a couple of required fields and then validates the email. You, as the blog owner, get notified through email about the new subscription and can organize users in email lists on the MailChimp website. However, the main function of the service is to help you with designing and sending email newsletters to a bigger audience and to increase the likelihood that emails get delivered to users' inboxes instead of ending up in spam folders (this is the difference between sending and delivering email).

The main problem is that you have to solve the email server setup (see the point above).

SEO

Be friendly to search engines from the beginning. They are often the main source of traffic to your blog. I use a plugin called “Yoast SEO”. It helps with advice on what to do in order to make your content more appealing to search engines and increase your chance of being near the top of search results.

Security

Once (even before) all is set up, it is important to keep it secure. With security being a constant battle between good and evil, you can never be 100% sure you are safe. However, you should take some precautionary measures and make it as hard as possible for bad guys to break in. For this reason it is important to secure the Linux installation well, make externally visible only those ports which are absolutely necessary, and manage your passwords well. It is also recommended to install one of the security plugins which will periodically scan the WordPress instance and report any issues. The plugin “Wordfence Security” seems to be one of the most popular. It is also recommended to keep WordPress as well as its plugins on the latest version.

Keeping an eye on the web server logs and blocking traffic from problematic sources is also a useful measure. For example, in my case, I spotted a brute force attack on the XML-RPC API (which is on by default and enables publishing posts through other applications, e.g. a desktop application), all coming from the same IP. When I blocked that IP, it soon started coming from another IP. You can (and I would advise so) disable the XML-RPC API. Even though this prevents the attacker from doing much damage, the problematic source IPs still generate a lot of traffic. With the XML-RPC API disabled, the web server starts sending 403 (instead of 200) in response. However, the load on the web server is still there, as it needs to handle all the traffic from the attacker. It is a classic DDoS attack. As long as there are not so many problematic IPs, one decent solution is to block those IPs at the firewall level. This is where the iptables tool comes in handy. With it, you can manage firewall rules at the Linux kernel level.
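
The log check described above, as an added example (not the author's own script): it counts POST requests to xmlrpc.php per client IP in an access log and renders an iptables DROP rule for each heavy hitter. It assumes the Apache/Nginx "combined" log format; the function names, the threshold and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Combined log format: client IP, identity, user, [time], "METHOD path proto", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)

def xmlrpc_offenders(lines, threshold=5):
    """Return {ip: count} for clients with at least `threshold` POSTs to xmlrpc.php."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string; match xmlrpc.php under a subdirectory install too.
        if not m["path"].split("?", 1)[0].endswith("/xmlrpc.php"):
            continue
        try:
            # Validate the field: it ends up inside a firewall command line.
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        # 200 and 403 responses both count: the server still has to handle the request.
        hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def iptables_rules(offenders):
    """One DROP rule per offender, busiest first (ip6tables for IPv6 sources)."""
    rules = []
    for ip, _ in sorted(offenders.items(), key=lambda kv: (-kv[1], kv[0])):
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return rules

# Constructed sample lines using documentation IP ranges, not from a real server.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2016:13:55:%02d +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"' % i
    for i in range(6)
] + [
    '198.51.100.4 - - [10/Oct/2016:13:56:01 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '198.51.100.9 - - [10/Oct/2016:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1200 "-" "-"',
    '192.0.2.55 - - [10/Oct/2016:13:56:03 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for rule in iptables_rules(xmlrpc_offenders(SAMPLE)):
        print(rule)
```

Review the generated rules before applying them as root, so that you do not block your own address or a legitimate publishing client.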

Other small stuff

Favicon

Most websites have a favicon, and it really helps when the user has many tabs open. First you need to design the favicon (or take an existing one). There are many websites which offer web tools to aid this design. Once you have your small image, you just need to upload it to a specific place under your WordPress base directory. There is another small plugin called “All in one Favicon” which can help you with this. A small visual icon should help the user get back to your blog among many other open tabs, and in a small way it also builds your personal brand.

Social Media share buttons

If you want readers to be able to share your posts on social networks, it is a good idea to add social media share buttons. One easy way to do it is through a small plugin called “Simple Share Buttons Adder”. You can even code it yourself (several lines of HTML code).

I hope this was helpful. Enjoy the rest of your blogging journey, no matter which path you take.
