I’ve never been a huge fan of WordPress.
Perhaps it’s because I was married to it for two years in high school managing my high school’s newspaper website. I’ll admit, I started at the black-and-white themed interface far more than necessary, spent many late nights just flipping back and forth between different themes, and, oh yeah, crashed the site within my first two weeks on the job due to a plugin overload, was locked out by the teachers because I wasn’t coordinating with my partner on the site, tried to break in by scanning through the source code (as if the password would just be stored in plain-text, what do you think this is, Facebook?), got access back by basically proving that I was the only one who knew what was actually going on (but not before making my own WordPress-hosted spinoff of the website), then a year later lost access to the blog after, as I saw coming and tried to prevent, the school’s domain and hosting got shut down due to non-payment after the county school system switched to a new unified school web-page system, had a total, pathetic, personal meltdown while everyone else at my school was amazed by the snow falling from the sky (you don’t see that often in Georgia), and then had all the writers switch to using the spinoff site I had made as the new official website, locked myself as an administrator so no future staffer could easily remove me from accessing the site’s backend, wrote a couple of movie and concert reviews, as well as a short-lived college perspective column after graduating high school, which I published without anyone’s permission, spent the first few weeks of college commenting and critiquing a new batch of articles written by the new high school writers, eventually stopped after my former teacher told me that wasn’t a cool thing to do, and to this day still have full administrative access to the website and its various social media accounts.
Or it could be that I just think it’s pretty kiddish-looking, who knows?
Either way, I do know this: It’s a bit of a pain to set up on your own hosting.
I say a bit because most of the setup process goes relatively quickly and easily, and most of the issues I faced trying to get this site set up weren’t actually WordPress’ fault.
As I dive deeper into my love of technology, I’ve recently gotten very interested in open-source software and freeware. There is a difference, I have to keep reminding myself; just because a company lets you see what’s going on behind the scenes doesn’t mean the product is free. Sure, you could download it from GitHub, maybe find a way to circumvent whatever built-in payment or verification systems it has, or just use the software without paying, or even worse, modify it and resell it, but you’re going to have an army of lawyers on your butt. That MIT license means something.
*Note to self: Do article explaining difference between MIT, GPL and other licenses*
At the same time, both because it’s interesting and because I am poor/stingy, I’ve wanted to invest in self-hosting, and avoid the cost (and unfortunate administrative lockouts) that come with paying a company like GoDaddy or SquareSpace to host your files for you.
I have BigBox, my built-out, high-capacity home server, but that’s got other tasks to focus on (more on that later, maybe), (plus a string of recent errors that severely impact its uptime (more on that later)). Thankfully, I can’t say no to coughing up $35 every time I see a Raspberry Pi on a shelf or on the Internet, and so I have a handful of those lying around. My main one, PiInTheSky, hosts a lot for me, including about a half-dozen active Reddit, Discord, Slack and Twitter bots, another half-dozen inactive bots, a currently-inactive internet speed test bot, and recently my personal website, nathandharris.com, after I decided to not spend another $100 for a year of hosting at GoDaddy for a site that, admittedly before and after a day-long makeover a couple weeks ago, rarely sees any traffic.
Seeing how I was able to host my personal website, I didn’t think for a minute to pay for professional hosting for this blog, and knew right away that I was going to self-host this on the same Pi (poor buddy, he really is stretched thin with all these applications).
After buying the domain hastily and without a moment to think in the middle of the night, I searched (afterwards…) if I could even host two domains on one server. A quick tutorial basically said yes, and that was good enough for me. The next day, I spent about an hour following a number of online tutorials about how to split and structure the directories for two sites, and how to configure Nginx to serve both sites, before realizing that I was using Apache (which I thought originally, but since I couldn’t find the old “httpd” directory, I figured I must have been mistaken and was using Nginx. Turns out the tutorial was outdated, and Apache2’s configuration is held in the, duh, “apache2” directory). This is all Raspbian/Debian, in case you were wondering.
Then I had to research how to set up A records for my .tech domain to direct it to my home IP address, which wasn’t too difficult once I was able to Google-guess which of the half-dozen or so different records was used to point to hosting. I had already set up A records before for another .tech domain from the same get.tech reseller, so that was relatively simple. I also learned in the process that Google Fiber apparently defaults to IPv6 when you search “what’s my IP address” on Google. Embracing the future, love it. Thankfully, one of the top website results was able to translate it into the IPv4 I needed for the record. And port forwarding on my router had already been set up to go to the Pi, since my personal website was already running on it as well.
A bit out of order here, I also wanted to install SSL certificates from LetsEncrypt, an amazing non-profit that offers free SSL certificates to implement HTTPS on websites, both self-hosted and non-self-hosted. GoDaddy unfortunately doesn’t support LetsEncrypt, so the only way to get HTTPS on my site when I was using them to host would be to pay GoDaddy over $60/year. I don’t really need HTTPS, I don’t have any online retail or sign-in data to protect for my users, but with Google Chrome flagging non-HTTPS sites as “Not Secure” now, it looks unprofessional, especially as a technology enthusiast, to have that next to my domain in the URL bar. And I wasn’t about to drop that much money for something I really didn’t need. That was in large part the final push to make me stop paying for hosting and self-host, where I would have full admin privileges, where my website could truly be my own. I had installed a LetsEncrypt SSL certificate on my personal website a few months ago when I was living in Ohio, but it likely expired (they have 90-day lifespans, so you have to renew often). So I spent another couple minutes, after installing dependencies for a dependency that I needed to install another backport dependency to get LetsEncrypt’s “certbot” installed on my Pi, using the certbot to install my certificates.
The whole process would have taken five minutes, if I didn’t spend over an hour, including a short break out of frustration and belief that I had locked my website out forever, researching why certbot had installed the certificates successfully but I couldn’t ping my new HTTPS sites. With auto-redirect on, the standard HTTP sites would auto-redirect to HTTPS, which then wouldn’t connect. I tried erasing all of LetsEncrypt’s files and starting over, with auto-redirect off. I could hit the HTTP, but not HTTPS. Eventually, after milling through online help forums, it dawned on me that HTTPS uses port 443, not the standard port 80 for HTTP traffic, and I hadn’t opened 443 on my router. A quick port forward rule change later, and both sites were fully secured and accessible.
Okay, now to WordPress. Installing it was simple, just download a ZIP file with their latest version (http://wordpress.org/latest.tar.gz) with “wget” onto the Pi, extract the files and directories, shift them up a level, change ownership with “sudo,” and delete the original zip file (optional). Hit the website and the configuration page pops up with some simple settings and you’re underway. The Raspberry Pi team has a great tutorial of all of this, which I largely followed, at https://projects.raspberrypi.org/en/projects/lamp-web-server-with-wordpress
Before finalizing the WordPress installation, you have to set up a database for WordPress to use. Thanks to the tutorial, this again shouldn’t take very long, unless you’re like me and you’ve already had MariaDB for a while for other projects and have somehow, somehow deleted or blocked or whatever your root user for your databases. Eventually I was able to figure out (thanks, Internet) how to bypass the login and make limited administrative changes to the databases, including adding a new quasi-administrative user. Unfortunately, neither the default bypass nor the new user could make a new limited scope user with access only to the new WordPress database, so I was forced to use the admin user for WordPress. That means the username and password the WordPress software uses to access the “wordpress” database also has access to all the other databases on my Pi. Yes, I did just admit to a security flaw; I eagerly await your hacks.
I did also want to avoid WordPress entirely. As I said earlier, something has never sat quite right with me about WordPress, and I’m a bit surprised that I’m able to host the software for free on my own. I always used to think you could make a yourdomain.wordpress.com website for free, but converting that to yourdomain.com (buying a domain, assuming through WordPress) or hosting the blogging software (either self-host or through a hosting company) cost money. Interestingly, the WordPress configuration page asked for my email address, and seems it was able to find my account from all those cheap yourdomain.wordpress.com sites and pull my username and profile picture into my self-hosted software. Maybe I should check to make sure they didn’t bill me…
A snarky comment from my girlfriend about me using WordPress (“as opposed to SquareSpace,” which I informed her was apples-to-oranges, blogging software vs. web hosting) set me out on another couple hours of Internet scouring for WordPress alternatives. There’s a really comprehensive list of self-hosting software on GitHub (https://github.com/Kickball/awesome-selfhosted), including a couple dozen blogging and content management system programs, but none particularly stuck out to me, and many of them were not free. HTMLy seemed compelling, given my preference for HTML over PHP, but limited documentation and, as with many of them, far less support than WordPress made it difficult to take the leap. It surprised me that WordPress was on the list, but I guess WordPress is technically a self-hosting software; just because it’s a big name and makes money doesn’t disqualify it.
Finally, with the theme set up and a couple plugins installed, I got around to making my first post. They changed the interface I see; not my favorite, but a good middle ground between the old feature-rich text editor and the barebones “New Post” on wordpress.com. I type it up and … “Publishing failed.” I try again, same result. I copy and paste (the new blocks system doesn’t make that easy, get on it WordPress) into the old, deleted “Hello World” post and try updating that. “Updating failed.” Another half-dozen attempts, same result. Some online searching and I find the “Health Check and Troubleshooting” plugin. After getting it installed and figuring out how to work it, I find the same issue as this guy I’m reading about in the WordPress forums: REST API not found. A quick check of my source files and sure enough, the wp-json directory doesn’t exist. Thankfully Google knows the answer; looks like updating my apache2.conf and changing “AllowOverride None” to “AllowOverride All” for the website’s directory might be a starting point.
Luckily, it works beautifully on the first try. Apache2 restarts, the Health Check plugin says the REST API can be found (although wp-json still doesn’t exist in my directory…?) and posting works.
Could you imagine how much shorter this post would have been if I hadn’t been able to publish it?