{bjørn:johansen}

Farewell to the WordPress Community

Mon, 21 Oct 2024 21:13:20 +0000

So Long, and Thanks for All the Fish

Can WordPress.org be liberated?

Fri, 18 Oct 2024 17:07:00 +0000

Is it likely that control over wordpress.org will be taken away from Matt Mullenweg?

Migrating from WordPress to Hugo

Wed, 16 Oct 2024 23:07:00 +0000

Yesterday, I migrated this blog from WordPress to Hugo. These are the steps I took to do so.

Goodbye WordPress, Hello Hugo

Tue, 15 Oct 2024 19:11:22 +0000

This afternoon’s hobby project was to convert my WordPress blog into a static site using Hugo.

Memento mori

Fri, 04 Jan 2019 17:23:55 +0000

One day you will be gone. What defines your legacy, is not the gadgets you had, but what impact you left behind.

Install and update translations in WordPress with Composer

Fri, 10 Aug 2018 19:45:23 +0000

Using Composer is a great way of organizing your WordPress project, with WordPress itself, plugins and themes declared as dependencies. However, an issue I’ve often seen is how you install translation files and keep them updated.

Wildcard certificate from Let’s Encrypt with CloudFlare DNS

Thu, 09 Aug 2018 18:12:42 +0000

If you’re using CloudFlare to host your DNS, there is a plugin for the official Let’s Encrypt client Certbot you can use to easily acquire and renew wildcard certificates from Let’s Encrypt.

Debug and profile your WordPress sites with Xdebug in Local by Flywheel (using PhpStorm)

Mon, 04 Jun 2018 17:11:09 +0000

This article is not an introduction to neither Xdebug, Local by Flywheel nor PhpStorm, but shows you how you can get started with debugging and profiling your WordPress sites in PhpStorm when using Local by Flywheel as a local development environment. You should already know what Xdebug is before reading this article. This is how you get started with Xdebug in Local by Flywheel.{{ double-space-with-newline }}

Gravity Forms personal data exporter and eraser

Thu, 24 May 2018 00:25:56 +0000

When WordPress 4.9.6 launched on May 17, 2018 it came with new tools for exporting and erasing personal data that you may have collected (you know, GDPR and all). But Gravity Forms as of version 2.3.2 doesn’t integrate with these tools. Fortunately, it is really easy to write your own exporters and erasers.

How to mitigate CVE-2018-6389 – the load-scripts.php DoS “attack” in WordPress

Mon, 12 Feb 2018 22:38:40 +0000

A little sensationalist written blog post by Barak Tawily claims that WordPress is vulnerable to a DoS attack because of the load-scripts.php file which concatenates JavaScript files on the fly.

HTTP/2 Push WordPress Assets to First-Time Visitors

Mon, 29 Jan 2018 23:27:56 +0000

With HTTP/2 push you can effectively send a web page’s assets to the client before the client even knows about them. Here’s how you can HTTP/2 push WordPress assets to your first-time visitors.{{ double-space-with-newline }}

Another day, another “WordPress security vulnerability”

Sat, 27 Jan 2018 00:36:35 +0000

OMFG, BREAKING NEWS: Thousands of WordPress sites affected by some vulnerability.{{ double-space-with-newline }}

Welcome to WordCamp Oslo 2018

Thu, 25 Jan 2018 17:18:42 +0000

On March 2–4 2018, Friday through Sunday, there will be a great chance to meet WordPressers at the conference WordCamp Oslo 2018.

Cut 90% of your WordPress translations loading time

Sat, 20 Jan 2018 20:59:27 +0000

WordPress translations are compiled from human-readable PO-files into machine optimized MO-files, but still takes a lot of overhead to load. If you only could cache the translation load time, you would save a lot of page load time. We can easily cut 90% of our WordPress translations loading time.

Git Pre-commit Hook for WordPress projects

Sat, 20 Jan 2018 19:43:51 +0000

Wouldn’t it be cool if you, in your PHP project could define a package that makes sure that everybody who even tries to commit code is forced to follow the project’s defined coding standards? Yeah, me too. So I created this Composer plugin you can use in your projects.

Speed up the output by 1000x with a WordPress menu cache

Sat, 20 Jan 2018 18:29:37 +0000

Generating the menus in WordPress is quite resource intensive. Sites with few visitors and few menu items might not notice this much. But if you have a large amount of menu items, like in a mega menu, in combination with a lot of visitors the menu generation can be a real hog on your server’s CPUs. Let’s see if we can improve the speed with a little WordPress menu cache trickery.

Automate the upgrade of your DigitalOcean droplets

Fri, 19 Jan 2018 01:27:59 +0000

Recently DigitalOcean released new pricing plans where they basically doubled the RAM for the same price of the old plans. But to get the benefits for your existing droplets, you have to upgrade all of your existing droplets in a process that involves shutting them down, selecting the new plan, waiting for the upgrade to happen and power on the droplets again. I have tens of droplets and had no intention of doing this manually, so I wrote a script to use the DigitalOcean API to automate a mass-upgrade of all droplets.

Customize the WordPress maintenance mode page

Fri, 01 Sep 2017 17:00:17 +0000

Whenever you upgrade a plugin, theme or WordPress itself through the WordPress dashboard, WordPress will put itself in maintenance mode and all your visitors will see the maintenance mode notice “Briefly unavailable for scheduled maintenance. Check back in a minute.”

WordPress security for the casual blogger or small business with limited resources

Thu, 10 Aug 2017 16:37:51 +0000

The resources you have available to spend on WordPress security for your website usually vary vastly whether you’re an international corporation or just a hobbyist blogger. But since most attacks are automated by bots looking for vulnerabilities, a lot of the threats are the same. Here are some WordPress security measures that bloggers and small business with limited resources easily can take.

Use mu-plugins for adding custom functionality to your WordPress site

Wed, 09 Aug 2017 16:35:35 +0000

If you google “functions.php” you get about 7 million results. I bet most of them contain bad advice: “How to add functionality to your WordPress site”. Some of them continue even worse: “[…] without using a plugin”. For your own good, don’t edit functions.php to add custom functionality to your WordPress site. You can use mu-plugins to do that.

Don’t be “clever” with the translatable strings in your WordPress plugin or theme

Sun, 06 Aug 2017 09:30:00 +0000

Since I translate a lot of WordPress themes and plugins, I sometimes come across plugins who try to be clever with their translations. This tends to not work so well in reality.

Do people struggle with Yoda conditions for real?

Fri, 04 Aug 2017 11:45:57 +0000

I’ve been using, and advocating for others to use, Yoda conditions for a long time. Sometimes, I read or hear about someone who doesn’t like them, without actually describing why. From time to time I read a blog post that advocates against it: And it’s always the same reason.

A reference of all outgoing WordPress emails

Thu, 03 Aug 2017 18:53:30 +0000

As you may know, WordPress sends out email notifications from time to time. Actually, as of WordPress 4.8.1, there are 24 different occasions when WordPress will send an email message. Don’t you think it would be useful to have a reference of all outgoing WordPress emails?

The bus factor in the WordPress project

Sun, 18 Jun 2017 19:19:01 +0000

During WordCamp Europe 2017 in Paris, there was a Q&A session with Matt Mullenweg. I wanted to ask him a question, but due to high demand and restricted time, I never got to ask him. I guess Matt is a busy person, so I don’t expect him to actually answer this question himself. But maybe someone in the WordPress community has answers, insights or ideas? A person is the CEO of one of the most important WordPress-related companies.

Proper RFC 4122 UUIDs as GUIDs in WordPress

Sat, 10 Jun 2017 15:05:02 +0000

UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress use GUIDs to identify each individual post, but use URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).

Secure email: Encrypt and sign your emails with PGP/GnuPG

Thu, 25 May 2017 11:49:24 +0000

Email is fundamentally insecure. There are such a plethora of issues with it, it is crazy to think about the kind of information sent with it. It is probably even crazier when you realize we’ve had a solution for sending secure email since 1991.

Six reasons why I love WordCamps

Mon, 15 May 2017 14:21:19 +0000

This weekend I was at WordCamp Berlin, met a lot of great people, and watched a lot of interesting presentations. WordCamps are actually quite informal by themselves, but at the afterparties, people are really letting their shoulders down and it often seems like people are long-time personal friends. If you open up to it, it won’t take long until people will give you feedback on whatever you have released in public.

DNS privacy: Use a DNS provider that doesn’t track you

Sat, 25 Mar 2017 02:01:03 +0000

Many ISPs and other DNS providers are slow or inject ads, track you, hijack DNS queries or do other nasty stuff. To mitigate this, you should use a fast, reliable and free service that respects your DNS privacy.

Self-destructing cookies: Real, forced Do-Not-Track for your privacy

Fri, 24 Mar 2017 19:22:35 +0000

This is the second post in my series of posts on some of the tools I use to stay a little safer and protect my privacy online. With self-destructing cookies, you get a clean sheet even with those who don’t respect the Do-Not-Track header.

How to perform and mitigate a WordPress session donation attack

Wed, 22 Mar 2017 15:16:56 +0000

WordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.

Immutable assets with unique URLs in WordPress for enqueued JS and CSS files

Tue, 21 Mar 2017 19:47:48 +0000

If you’re utilizing the browser cache correctly, you’ll gain huge performance benefits for your users, as well as save bandwidth and server capacity which equals to saving money. To do this right, you must create unique URLs for all versions of your resources, and tell them to never ask for the content again by telling the browsers that the assets are immutable resources.

Secure messaging on your phone with the Signal app

Mon, 20 Mar 2017 12:40:49 +0000

I’m running a series of posts on some of the tools I use to stay a little safer and protect my privacy online. Here’s how you can get much better secure messaging on your phone using the Signal app.

How CloudFlare handled CloudBleed

Fri, 24 Feb 2017 09:27:05 +0000

Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with their service. It turned out that in some unusual circumstances, they would bleed memory that contained private information.

Giving users a helping hand when authorizing them in WordPress

Tue, 24 Jan 2017 07:17:14 +0000

Inspired by how Facebook assists their users when they log in, I decided to implement something like the same for WordPress.

Tracking visitors with adblockers

Mon, 23 Jan 2017 20:02:19 +0000

More and more users are using adblockers or surfing the web via private browsing with tracking protection. But this also affects your web analytics, as the blockers also will block analytics tracking – not only third party services like Google Analytics, but also self-hosted solutions like Piwik.

Move your WordPress site from non-www to www domain

Mon, 23 Jan 2017 18:49:14 +0000

So, you’ve launched your WordPress site on a non-www domain, like example.com, but since then found out that running it on on www, like www.example.com, is better and want to move? You’re in luck, because it is really easy.

To www or not to www – Should you use www or not in your domain?

Fri, 20 Jan 2017 17:49:52 +0000

For 20 years or so, there has been the debate over whether you should use www or not in your web site’s canonical hostname. So should you use www or not?

Keep the internet healthy – Internet for people, not profit.

Fri, 20 Jan 2017 14:27:45 +0000

“ A healthy Internet needs all of us”, Mozilla states. And they’re right.

Encrypt and decrypt a file using SSH keys

Thu, 05 Jan 2017 17:25:41 +0000

If you have someone’s public SSH key, you can use OpenSSL to safely encrypt a file and send it to them over an insecure connection (i.e. the internet). They can then use their private key to decrypt the file you sent.

Flexible Content Fields in Field Manager

Fri, 02 Dec 2016 19:42:06 +0000

Field Manager doesn’t have a flexible content field type as Advanced Custom Fields Pro does, but it is possible to mimic the functionality by using a little logic.

Do you want my time for free?

Mon, 17 Oct 2016 14:31:51 +0000

Publishing open source software or articles for free is very giving. Not only does it give you a warm fuzzy feeling inside when someone appreciates what you release, but it can also have other indirect consequences that give you a happier life.

But when something is free – as in no cost – people will also often turn to a mindset where they don’t appreciate your effort, time or value as a human being. For some reason, some people forget all about being polite and demands that I give them professional support because they can’t read instructions, don’t know what they are doing, or just feel like their time is much more important than mine.

WordPress plugins with the most reported vulnerabilities

Sun, 16 Oct 2016 17:55:19 +0000

Top 10 WordPress plugins with the most reported vulnerabilities according to the WPScan Vulnerability Database. [wpvulndb_chart] Please note that past vulnerabilities do not necessarily reflect the plugins’ state today. Reporting vulnerabilities so they can be fixed, is a good thing. What’s the data source? I wrote a script that once per day will download the WPScan Vulnerability Database and count the vulnerabilities per plugin. The result is published in a JSON file here (use this source at your own risk, it might go away or be changed without any notice), which I parse to use as data source in the above graph.

Moderate WordPress comments with WP-CLI

Sun, 16 Oct 2016 14:04:46 +0000

I very much appreciate comments that bring new insights, corrects my errors, or leaves a thank you note. But even so, it is a bit tedious to moderate comments. Though logging into WordPress – even with two-factor authentication enabled – isn’t much of a hassle, it is still a nuisance when you just want to approve or trash a couple of comments.

How to do an Nginx redirect

Sat, 15 Oct 2016 13:45:01 +0000

Nginx is an extremely efficient and quite flexible web server. When you want to do a redirect in Nginx, you have a few options to select from, so you can choose the one that suits you best to do an Nginx redirect.

The future of Certificate Authorities

Mon, 01 Aug 2016 16:38:47 +0000

With the advent of the fully automated and free of cost certificate authorities Let’s Encrypt and StartCom there is no doubt that the future of CAs are changing.

SVG uploads in WordPress (the Inconvenient Truth)

Thu, 26 May 2016 20:02:07 +0000

Enabling uploads of SVG files in WordPress is quite easy, and there is a tonne of posts on the Interwebs explaining how you do it. Usually along the lines of:

function add_svg_to_upload_mimes( $upload_mimes ) {
	$upload_mimes['svg'] = 'image/svg+xml';
	$upload_mimes['svgz'] = 'image/svg+xml';
	return $upload_mimes;
}
add_filter( 'upload_mimes', 'add_svg_to_upload_mimes', 10, 1 );

And that’s pretty much it.

Except it is not.

Allow SVG uploads to WordPress when behind Sucuri CloudProxy

Wed, 25 May 2016 19:29:02 +0000

Uploading SVG files to WordPress when you’re behind the Sucuri CloudProxy Web Application Firewall isn’t that straightforward, but it is possible.

Let’s Encrypt for Nginx

Thu, 31 Mar 2016 20:48:31 +0000

Let’s install an SSL-certificate from Let’s Encrypt for Nginx.

Run all due cron events for WordPress with WP-CLI

Wed, 09 Dec 2015 15:45:48 +0000

Running a real cronjob is much more reliable than WordPress’ built-in “maybe-will-trigger” solution. But if you’re running a multisite network, you have to add a crontab entry for every site you set up – which is tedious. Thanks to WP-CLI, we can use a small bash script instead, which will run all due events for all sites for us. Oh, and it works for single sites as well.

How to upgrade to PHP 7 on Ubuntu

Fri, 04 Dec 2015 11:31:31 +0000

Depending on your time zone, PHP 7 was finally released on 3rd/4th of December 2015. Even though the general recommendation for production servers is to wait for a little bit and gather some experiences before upgrading, some of us want to jump right on and upgrade to PHP 7.

Restrict allowed HTTP methods in Nginx

Wed, 21 Oct 2015 18:22:11 +0000

Security vulnerabilities are often exploits of software that fails when trying to deal with unexpected input. Other times they are exploits of a misconfiguration or a service that unintentionally was open to the public.

For the above reasons, we should limit as much as possible what services are exposed to the public and limit as much as possible what they do and accept from the visitors. To follow those security principles, we should only allow the HTTP methods for which we, in fact, provide services. Under all normal circumstances, that would be the methods GET, POST and HEAD.

Block access to PHP files on your WordPress site with Nginx

Mon, 19 Oct 2015 20:43:56 +0000

In your WordPress site, there are directories that include PHP files that visitors should never be able to access directly. They are only there for WordPress to function as an application that runs on your server. But because of WordPress’ directory and file structure, they are kind of accessible to the public. All of them are meant to be part of a larger application – WordPress, that is – and should not cause any harm if called directly – that we know. Some of the files execute some code even when ran standalone. An attacker might know of a clever way to make that code run in an unexpected manner, causing harm. To be on the safe side, we should deny access to all these PHP files from the outside world. Since we block access to them in our Nginx configuration, PHP will still run them as usual and WordPress will work just fine.

Restrict access to the WordPress dashboard by IP address in Nginx

Sat, 17 Oct 2015 13:28:16 +0000

If you have a static IP address, like from your office, or your own private VPN, you can increase your security tremendously by restricting all logins to that IP address. The effect is that even if an attacker knows your login credentials, they will not be able to log in or access any part of the WordPress Dashboard.

Redirect all HTTP requests to HTTPS with Nginx

Thu, 15 Oct 2015 19:15:43 +0000

All login credentials transferred over plain HTTP can easily be sniffed by an MITM attacker, but is is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your visitors – which includes you – and your web server, we will redirect all requests that are coming over plain HTTP to the HTTPS equivalent.

Strict file ownership for your WordPress installation

Tue, 13 Oct 2015 17:08:28 +0000

WordPress requires write access to one directory, and that one directory only: the directory returned by wp_upload_dir(). By default, this is /wp-content/upload, but it can be configured to anything that is beneath your document root, like /media, if you want to.

Exclude certain requests from the Nginx access log

Sun, 11 Oct 2015 14:33:03 +0000

Logs are nice and all that, but sometimes certain entries are there just to fill up the logs or are cluttering them. Here’s a few ways to exclude requests – by URL or visitor IP – from the Nginx access log.

Configure your local Postfix to relay through a transactional email service

Fri, 09 Oct 2015 13:10:10 +0000

Using Postfix with specialized, transactional email services like SendGrid or Mandrill is excellent for not only for optimizing email deliverability, but they usually also offer some nice features.

Two Factor Authentication for WordPress

Wed, 07 Oct 2015 07:56:02 +0000

If you’re using a strong password, brute-forcing is a very inefficient way of breaking into your WordPress account, and if it is really strong, dictionary attacks won’t help much either. However, there are are other, easier, ways for a mischievous person to get their hands on your login credentials e.g. with phishing, keyloggers or a MITM attack. By using a two-factor solution, you will increase your login security by an order of magnitude.

SSH timeout prevention – keep SSH sessions alive

Mon, 05 Oct 2015 14:36:42 +0000

SSH timeout due to inactivity is annoying. Here’s how to keep your SSH sessions alive and prevent the SSH timeout:

WordPress behind Big-IP

Mon, 28 Sep 2015 17:09:42 +0000

To be honest, I don’t exactly know too much about Big-IP, but I’ve come across someone who use it. They terminate HTTPS in Big-IP and WordPress runs on plain HTTP on port 80 on the backend nodes. By default, this makes WordPress confused, so you can’t login to the WordPress dashboard.

Enable HTTP/2 on Nginx

Tue, 22 Sep 2015 19:26:43 +0000

Experimental support for HTTP/2 became available in Nginx version 1.9.5 (mainline). It is really easy to enable, and I’ll show you how.

HTTP Public Key Pinning (HPKP)

Thu, 16 Jul 2015 11:39:19 +0000

Using HTTPS helps preventing someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, making you believe everything is fine. HTTP Public Key Pinning (HPKP) helps the browser check that everything actually is fine.

Privacy Policy

Wed, 22 Apr 2015 17:58:32 +0000

TL;DR: Your computer is sending my server data. I promise I won’t abuse that data. I’m also doing my best to make sure that any 3rd parties won’t abuse you either. Last updated: 2024-10-18 The website available under the address https://bjornjohansen.com is the personal blog of Bjørn Johansen (hereafter “I”). I am the data controller responsible for taking care of the personal data you may send my way. This document describes how those data are protected, and your rights regarding them.

The slides from my presentation on HTTP/2 at WordCamp Belgrade 2015

Sat, 18 Apr 2015 06:52:48 +0000

Here are my slides from WordCamp Belgrade 2015: HTTP/2 is here – Unlearn your optimization skills If you’re having issues with the HTML version, you may download a PDF here.

Running PHP7-FPM Nightly Build on Ubuntu 14.04

Tue, 14 Apr 2015 15:36:03 +0000

As I’m writing this, the calendar shows April 14 2015. According to the PHP 7.0 timeline, it has a projected release date of November 2015. But if you want to try it out (to check out the speed), you can already do so.

Running HHVM with fallback to PHP-FPM

Wed, 03 Dec 2014 21:57:29 +0000

HHVM can really speed up your PHP-based web site. Most reports are somewhere in the range of 2–4x faster. Unfortunately, HHVM isn’t very stable and will suddenly die, just of the blue, from time to another. Fortunately, if you’re running Nginx it’s really easy to set up PHP-FPM as a fallback.

Using fail2ban to block WordPress login attacks

Fri, 07 Nov 2014 19:31:38 +0000

Fail2ban works by filtering a log file with a regular expression triggering a ban action if the condition is met. After a preset time, it will trigger an unban action. Without much effort, we can have WordPress log all authentication events and have fail2ban react on them.

Using fail2ban from behind a Rackspace Cloud LoadBalancer

Fri, 07 Nov 2014 19:31:31 +0000

If your fail2ban is on a host behind a Rackspace Cloud LoadBalancer, you’ll want to block the offending IP addresses directly in your LoadBalancer. If your LB is acting as a reverse proxy, you’ll HAVE to block in the LB, but it is also nice to protect all other nodes behind the LB and offload the lifting.

Running HHVM instead of PHP with Nginx on Ubuntu

Mon, 12 May 2014 20:34:25 +0000

Since version 3.9, WordPress have been 100% compatible with HHVM and I have begun replacing PHP with it on a few of my servers to experiment.

WordPress Quality Guidelines

Thu, 27 Feb 2014 18:53:22 +0000

Any organization where multiple developers cooperate on a regular basis needs some guidelines to assure optimal quality of the end result. Most of these rules applies to freelancers as well.

«Slap-on» speed optimization of your WordPress site

Thu, 30 Jan 2014 15:23:00 +0000

OK, so you might have been at a WordCamp listening to talks or reading a few blog posts and you get that you should really get your WordPress site speed optimized. Starting all over isn’t either tempting nor something you have the time for. Don’t despair, you’ll get a long way by installing 5 plugins.

Optimizing HTTPS on Nginx

Sat, 18 Jan 2014 23:49:30 +0000

Now that you have secured Nginx with HTTPS and enabled SPDY enabled HTTP/2, it’s time to improve both the security and the performance of the server.

Host ga.js locally with a WordPress plugin

Fri, 27 Sep 2013 13:49:54 +0000

Recently, I’ve done some WordPress load optimization with Thomas Bensmann (read his post « Full score on Google PageSpeed, Pingdom and GTMetrix») and to achieve full effect, you do have to load the Google Analytics tracking script, ga.js, from your own server.

Optimize your JS and CSS loading in WordPress

Sun, 22 Sep 2013 22:04:51 +0000

When you get into page loading optimization, you will quickly find these «must-dos»: Combine your CSS and JavaScript files (respectively), minimize your CSS and JavaScript, load CSS before JS, load JS in body footer and then even some. Without much effort, we can make WordPress do all of this automatically.

Make Gravity Forms' JavaScript load in the footer

Thu, 19 Sep 2013 17:32:28 +0000

Gravity Forms is not only THE way to create and manage forms in WordPress, but is also pretty awesome when it comes to extensibility and flexibility. However, as most software, it has its issues. One of those is how it outputs some of the JavaScript, which in certain cases will break your site. This is how to fix it.

Why use WordPress as your corporate CMS?

Fri, 23 Aug 2013 15:42:20 +0000

There are now several years since WordPress was considered a blog platform only. Today, it’s a full blown CMS and perfectly capable of powering corporate web sites. Here I provide you with 5 non-technical reasons why WordPress is well fit for a corporate CMS.

Enabling SPDY with Nginx

Thu, 22 Aug 2013 20:50:20 +0000

SPDY is this new, cool, fast protocol created by Google that “replaces” HTTP (the first draft of HTTP 2.0 is using SPDY as the working base). It is supported in all the major browsers – yes, even Internet Explorer – with the exception of Apple’s Safari.

Securing Nginx with HTTPS

Thu, 22 Aug 2013 19:53:15 +0000

Adding a certificate and using the HTTPS protocol is a good improvement to the security in the communication between the browser and the server, and should be in place on all sites that have a user login. Contrary to what many (older) guides say, it doesn’t add much load on your server and is fairy easy and cheap to set up right.

Install latest version of Nginx on Ubuntu

Fri, 16 Aug 2013 16:29:31 +0000

I always run the latest LTS version of Ubuntu on all my servers. Unfortunately, the Nginx versions tend to be quite the bit behind the current release. So how do you get an updated, current version of without resorting to having to maintain the packages yourself? Luckily, the Nginx team have their own Ubuntu apt repository so it’s easy to keep current with the latest version of Nginx.

Install latest version of PHP on Ubuntu

Fri, 16 Aug 2013 15:57:19 +0000

I always run the latest LTS version of Ubuntu on all my servers. Currently the latest LTS is 14.04 which comes with PHP version 5.5, but as of November 2014, the latest stable version is 5.6. So how do you get an updated, current version of PHP without resorting to having to maintain the packages yourself? The answer is in PPA.

Publishing WordPress site from development to production server – or moving your WordPress installation from one host to another

Mon, 12 Aug 2013 21:20:25 +0000

You have finished that WordPress site, and want to deploy it – move it from your test server to the production server where it goes live. But how? WordPress have a famous 5-minute-install, but there is no 5-minute-go-live-script*. I’ll show you how in these 5 easy-to-follow steps.

Restricting access to WordPress login by IP address

Sat, 20 Apr 2013 20:15:34 +0000

If you have a static IP address, like from your own VPN, it is very easy to increase your security tremendously. Simply restrict all logins to that IP address.

Setting up your own PPTP VPN

Sat, 20 Apr 2013 19:04:23 +0000

When it comes to VPNs, there is the choice between PPTP and OpenVPN. PPTP is pretty quick to setup and works out of the box with most (all?) OSes and devices.

Get your Ubuntu VPS up and running

Sat, 20 Apr 2013 17:29:18 +0000

These are the first steps you should perform on your shiny, brand new VPS to set out on a safe journey on the internets. You don’t actually have to understand each of the steps here, but this post is intented for people who have some clue of what they’re doing. If there is such a thing as a «VPSes for dummies», it should not be read. VPSes are not intended for dummies.

Caching: Varnish or Nginx?

Fri, 12 Apr 2013 20:37:57 +0000

TL;DR: Varnish lacks support for SSL and SPDY. Nginx handles it just fine, and has very fast cache with either memcache or disk storage (ramdisk). Both can serve stale cache if your backend is down. But Nginx can not write to the memcache storage directly, it has to be done by the application. Also, Nginx can not purge the cache itself, without you compiling your own package.

Using Jekyll without YAML front matter

Thu, 28 Mar 2013 21:28:22 +0000

OK, so I was ready to give Jekyll another shot today. But one thing I’m not that happy with is the need for specifying the YAML front matter on every post. At this point, I’m not really using it for any practical matter.

About me

Mon, 01 Jan 0001 00:00:00 +0000

Hi there, I’m Bjørn Johansen. I grew up with C64, VHS, and Transformers.