Code, Security and Server Stuff
Views are my own and not my employer's.
This is how I checked the compatibility of my WordPress theme and plugin (code) with PHP Compatibility Checker
Read the full article here: https://fearby.com/article/check-the-compatibility-of-your-wordpress-theme-and-plugin-code-with-php-compatibility-checker/
This is how I checked the compatibility of my WordPress theme and plugin (code) with PHP Compatibility Checker
Advertisement:
Aside
I have a number of guides on moving away from CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. PHP is my programming language of choice.
Now on with the post
Snip from: https://wordpress.org/plugins/php-compatibility-checker/
What is PHP Compatibility Checker
> The WP Engine PHP Compatibility Checker can be used by any WordPress website on any web host to check PHP version compatibility.
> This plugin will lint theme and plugin code inside your WordPress file system and give you back a report of compatibility issues for you to fix. Compatibility issues are categorized into errors and warnings and will list the file and line number of the offending code, as well as the info about why that line of code is incompatible with the chosen version of PHP. The plugin will also suggest updates to themes and plugins, as a new version may offer compatible code.
> This plugin does not execute your theme and plugin code, as such this plugin cannot detect runtime compatibility issues.
Please note that linting code is not perfect. This plugin cannot detect unused code-paths that might be used for backwards compatibility, and thus might show false positives. We maintain a whitelist of plugins that can cause false positives. We are continuously working to ensure the checker provides the most accurate results possible.
This plugin relies on WP-Cron to scan files in the background. The scan will get stuck if the site’s WP-Cron isn’t running correctly. Please see the FAQ for more information.
Install PHP Compatibility Checker
I instaled by SSH’ing to my server and opening my WP Plugins folder
I grabbed the latest download URL from here (hover over the download button), at the time of writing this was the latest version: https://downloads.wordpress.org/plugin/php-compatibility-checker.1.4.6.zip
Advertisement:
I downloaded the plugin on my server (then unzipped it and deleted the zip)
Enable PHP Compatibility Checker Plugin
I enabled the plugin
I clicked on the following message
> You have just activated the PHP Compatibility Checker. Start scanning your plugins and themes for compatibility with the latest PHP versions now!
I already have PHP 7.2 installed so let’s scan my site. PHP 7.3 will be available in December and it is already being tested in beta.
PHP Versions
Site Scanning
PHP Compatibility Checker site scanning is very business like
PHP Compatability Checker Scan Results
2 of 22 plugins I use were not PHP 7.2 compatible (WordFence and WP Meta SEO)?
I read on twitter that Wordfence may be a false positive.
Clicking toggle details reveal why the scan failed. A Two Factor Auth plugin was all OK.
Your results will hopefully be…
> PHP 7.2 compatible
Of if errors exist it should explain why it did not pass.
FILE: /www-root/wp-content/plugins/wp-meta-seo/jutranslation/jutranslation.php
> —————————————————————————————-
> FOUND 1 ERROR AFFECTING 1 LINE
> —————————————————————————————-
> 251 | ERROR | The function is_countable() is not present in PHP version 7.2 or earlier
> —————————————————————————————-
I can’t wait for PHP 7.3 scanning. I will update this post in December 2018 after PHP 7.3 is released.
Advertisement:
Good luck and I hope this guide helps someone
Ask a question or recommend an article
Revision History
v1.0 Initial post
This is quick guide explaining how I created my first JavaFX application using the Gluon Scene Builder in the IntelliJ IDEA IDE.
Read the full article here: https://fearby.com/article/creating-your-first-java-fx-app-and-using-scene-builder-in-the-intellij-idea-ide
This is quick guide explaining how I created my first JavaFX application using the Gluon Scene Builder in the IntelliJ IDEA IDE.
Advertisement:
I have a number of guides on moving away from CPanel, Setting up VM’s on UpCloud, AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. I created this blog post on creating a Java GUI app with the older Swing technology (Java FX replaces Swing). I now want to create a JavaFX app to control my UpCloud VM’s.
If you have not read my previous posts I have now moved my blog etc to the awesome UpCloud host. Sign up using this link to get $25 free credit.
Do read: Preparing for JavaFX Application Development: https://wiki.openjdk.java.net/display/OpenJFX/Building+OpenJFX#BuildingOpenJFX-Mac
Downloading Java
Download and install Java SE 8 or higher from http://www.oracle.com/technetwork/java/javase/downloads/index.html
Download Intelli J IDEA IDE
Goto https://www.jetbrains.com/idea/
Click Download
Download the community edition
Install Intelli J IDEA IDE
Install Scenebuilder
I downloaded the Java Scene Builder (1.1 or 2.0) from here.
Install the Scene Builder (open the installer and drag it to your applications folder).
Configure the Scene Builder in IntelliJ IDEA IDE
You can now create a JavaFX project an have a workign scene builder GUI.
After you create a JavaFX project open your JavaFX fxml file in Scene Builder (right click on the .fxml file and select Open in Scene Builder)
Extended Scene Builder from Gluon
I read that there is a better Scene builder GUI available from https://gluonhq.com/products/scene-builder/
Read some of the Java Scene Builder v Gluon Scene Builder history here at Reddit for the latest on why.
I am going to download the Gluon Scene Builder from http://gluonhq.com/products/scene-builder/
Download and install the Gluon Scene builder (at the time of writing requires Java 9 or higher).
Now open IntelliJ IDEA IDE and open the preferences and change the scene builder path from “/Applications/JavaFX Scene Builder 2.0.app/” to “/Applications/SceneBuilder.app/“.
Save the IntelliJ IDEA preferences and Right click on your projects “fxml” file again and click “Open In Scene Builder” , do verify it is indeed the Gluon Scene builder by opening the about menu.
Designing your first JavaFX app
Now you can design and code a JavaFX application with Gluon Scene Builder.
I am not an expert at java apps so i’d highly recommend you follow this guide to learn how to build a well-structured JavaFX panel layout (just ignore that it is using the standard Scene Builder, it works with the gluon one).
You should now have a working Java FX App
The scene builder will save changes to your fxml file
<?xml version="1.0" encoding="UTF-8"?>
<?import javafx.geometry.Insets?>
<?import javafx.scene.control.Button?>
<?import javafx.scene.control.Label?>
<?import javafx.scene.control.Menu?>
<?import javafx.scene.control.MenuBar?>
<?import javafx.scene.control.MenuItem?>
<?import javafx.scene.control.TextArea?>
<?import javafx.scene.control.TextField?>
<?import javafx.scene.control.TreeView?>
<?import javafx.scene.layout.BorderPane?>
<?import javafx.scene.layout.HBox?>
<?import javafx.scene.layout.Region?>
<?import javafx.scene.layout.VBox?>
<BorderPane maxHeight="-Infinity" maxWidth="-Infinity" minHeight="-Infinity" minWidth="-Infinity" prefHeight="400.0" prefWidth="600.0" xmlns="http://javafx.com/javafx/9.0.4" xmlns:fx="http://javafx.com/fxml/1" fx:controller="sample.Controller">
<top>
<VBox BorderPane.alignment="CENTER">
<children>
<MenuBar>
<menus>
<Menu mnemonicParsing="false" text="File">
<items>
<MenuItem mnemonicParsing="false" text="Close" />
</items>
</Menu>
<Menu mnemonicParsing="false" text="Edit">
<items>
<MenuItem mnemonicParsing="false" text="Delete" />
</items>
</Menu>
<Menu mnemonicParsing="false" text="Help">
<items>
<MenuItem mnemonicParsing="false" text="About" />
</items>
</Menu>
</menus>
</MenuBar>
<HBox spacing="8.0">
<children>
<TextField promptText="ip" />
<TextField promptText="Username" />
<TextField promptText="Password" />
<Button mnemonicParsing="false" onMouseClicked="#loginButtonClicked" prefHeight="27.0" prefWidth="68.0" text="Login" />
<Region HBox.hgrow="ALWAYS" />
<Button mnemonicParsing="false" onMouseClicked="#settingsButtonClicked" text="Settings" />
</children>
<padding>
<Insets bottom="8.0" left="8.0" right="8.0" top="8.0" />
</padding>
</HBox>
</children>
</VBox>
</top>
<left>
<TreeView prefHeight="200.0" prefWidth="200.0" BorderPane.alignment="CENTER" />
</left>
<center>
<TextArea prefHeight="200.0" prefWidth="200.0" BorderPane.alignment="CENTER" />
</center>
<bottom>
<HBox BorderPane.alignment="CENTER">
<children>
<Label text="Label" />
</children>
<padding>
<Insets bottom="2.0" left="2.0" right="2.0" top="2.0" />
</padding>
</HBox>
</bottom>
</BorderPane>Advertisement:
You can add functions into your controller class
package sample;
public class Controller {
public void loginButtonClicked(){
System.out.println("Login");
}
public void settingsButtonClicked(){
System.out.println("Settings");
}
}Instaling Gluon JavaFX Templates
Close your test project and create a new project, but before you do click Configure then Plugins
Now lets open In the following screen click Browse Repositories.
Search the repository for and install the “Gluon” plugin
Restart IntelliJ IDEA IDE then you can use templates when creating a project.
Get your own VM
If you have not read my previous posts I have now moved my blog etc to the awesome UpCloud host. Sign up using this link to get $25 free credit.
Packaging a Java app for distribution on OSX
I will show how you can package your app to run on a Mac by using this.
Coming Soon
I will add more guides soon on using a custom JavaFx app to allow you to manage your own UpCloud server and perform Deploy/Init/Setup/Configure/Operate actions. Running CLI commands to deploy and manage a server is fun but is very tedious.
I blogged recently about using the UpCloud API and setting up a subdomain recently (I will use this server to test and prove the Javmanagementnt app).
Advertisement:
Links
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
V1.6 Jenkov Tutorials
V1.5 Reddit java help
V1.4 added java widgets link
V1.3 added javafx examples link.
V1.2 added Java learning paths
V1.1 added offical Javafx examples
v1.0 Initial post
How to use the UpCloud API to manage your UpCloud servers.
Read the full article here: https://fearby.com/article/how-to-use-the-upcloud-api-to-manage-your-upcloud-servers/
How to use the UpCloud API to manage your UpCloud servers.
Advertisement:
If you have not read my previous posts I have now moved my blog etc to the awesome UpCloud host. Sign up using this link to get $25 free credit.
I recently compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here).
Here is my blog post on moving from Vultr to UpCloud.
Spoiler: UpCloud performance is great.
I have never had an UpCloud page load take longer than 2 seconds since moving.
UpCloud API
UpCloud has an API that we can opt into to using where we can manage servers. Read the official UpCloud API documentation here.
The API allows you to control:
Create a sub-account to query the API
You should create a new user account (in the UpCloud dasbboard) just for API access. I created two accounts for use on my server and on my home laptop and my server (and set a limiting IP(s) that can access it).
Create a Sub Account for API Access
Login to your UpCloud account (create an account here and get $25 free credit),
TIP: Lock down the account to have the minimum permissions required.
e.g
Save the account.
Now let’s make our first API call
I use OSX and I use the awesome Paw API testing tool from https://paw.cloud (This is not a plug, they are awesome). Postman is a popular API testing tool too. Any good programing language or CLI will allow you to send API requests.
First, let’s prepare the authorization string (this is a Base64 encoded combination of your username and password) read more here.
A Base64 string will be outputted 🙂
e.g > eW91cmFwaXVzZXJuYW1lOnlvdXJzdXBlcnNlY3VyZXBhc3N3b3Jk
fyi
You can encode also Encode and Decode Base64 from the Ubuntu Command line
Encode Base64 from the CLI Sample
Decode Base64 from the CLI Sample
Now we can add an “Authorization Basic” token to the API request in Paw.
A quick test of the UpCloud Prices API endpoint https://api.upcloud.com/1.2/price reveals the API is working.
I can now see a full breakdown of my service prices in JSON 🙂
Query My Account
OK, Let’s see how much credit I have left by querying the https://api.upcloud.com/1.2/account, I duplicated the item in Paw and changed the URL to https://api.upcloud.com/1.2/account but no data returned?
I had to enable “Access to Billing section in Control Panel” for the user before this data returned from the API (make sense).
> HTTP/1.1 200 OK
Query (GET)
GET /1.2/account HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic *******************************************
Output
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 04:23:32 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
Content-Length: 91
Server: Apache
{
"account" : {
"credits" : 2500.00,
"username" : "yourapiusername"
}
}“2500.00” = cents ($25)
Query All of Your Servers
Ok, Let’s get server information by querying https://api.upcloud.com/1.2/server
Query (GET)
GET /1.2/server HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash##############
Output
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 04:32:22 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
Content-Length: 1154
Server: Apache
{
"servers" : {
"server" : [
{
"core_number" : "1",
"hostname" : "server1nameredacted.com",
"license" : 0,
"memory_amount" : "2048",
"plan" : "1xCPU-2GB",
"plan_ipv4_bytes" : "3472464313",
"plan_ipv6_bytes" : "166293599",
"state" : "started",
"tags" : {
"tag" : [
"tag1"
]
},
"title" : "server1nameredacted.com",
"uuid" : "########-####-####-####-############",
"zone" : "us-chi1"
},
{
"core_number" : "1",
"hostname" : "server2nameredacted.com",
"license" : 0,
"memory_amount" : "1024",
"plan" : "1xCPU-1GB",
"plan_ipv4_bytes" : "198911",
"plan_ipv6_bytes" : "19742",
"state" : "started",
"tags" : {
"tag" : [
"tag2"
]
},
"title" : "server1nameredacted.com",
"uuid" : "########-####-####-####-############",
"zone" : "us-chi1"
}
]
}
}Query Server Information
I have redated the UUID’s for my servers but once you know them you can query them by hitting https://api.upcloud.com/1.2/server/########-####-####-####-############
Query (GET)
Output
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 04:45:14 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
Content-Length: 1656
Server: Apache
{
"server" : {
"boot_order" : "cdrom,disk",
"core_number" : "1",
"firewall" : "on",
"host" : redacted,
"hostname" : "server1nameredacted.com",
"ip_addresses" : {
"ip_address" : [
{
"access" : "private",
"address" : "##.#.#.###",
"family" : "IPv4"
},
{
"access" : "public",
"address" : "###.###.###.###",
"family" : "IPv4",
"part_of_plan" : "yes"
},
{
"access" : "public",
"address" : "####:####:####:####:####:####:########",
"family" : "IPv6"
}
]
},
"license" : 0,
"memory_amount" : "2048",
"nic_model" : "virtio",
"plan" : "1xCPU-2GB",
"plan_ipv4_bytes" : "3519033266",
"plan_ipv6_bytes" : "168200052",
"state" : "started",
"storage_devices" : {
"storage_device" : [
{
"address" : "virtio:0",
"boot_disk" : "0",
"part_of_plan" : "yes",
"storage" : "########-####-####-####-############",
"storage_size" : 50,
"storage_title" : "system",
"type" : "disk"
}
]
},
"tags" : {
"tag" : [
"fearby"
]
},
"timezone" : "Australia/Sydney",
"title" : "server1nameredacted.com",
"uuid" : "########-####-####-####-############",
"video_model" : "cirrus",
"vnc" : "off",
"vnc_password" : "#########################",
"zone" : "us-chi1"
}
}The servers name, IPv4 and IPV6 network adapters are listed, CPU(s), Memory, Disk Sized and UUID’s are all visible 🙂
Surprisingly the VNC password is visible (enabling access to the root console).
TIP: Ensure your API account is safe and secure.
Query Storage Information
Now, Let’s query the storage with the GUID from above by querying https://api.upcloud.com/1.2/storage/########-####-####-####-############
Query (GET)
GET /1.2/storage/########-####-####-####-############ HTTP/1.1 Host: api.upcloud.com User-Agent: Paw/3.1.7 (Macintosh; OS X/10.13.5) NSURLConnection/1452.23 Authorization: Basic ##############base64hash##############
Output
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 04:53:36 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
Content-Length: 559
Server: Apache
{
"storage" : {
"access" : "private",
"backup_rule" : {},
"backups" : {
"backup" : [
"########-####-####-####-############"
]
},
"license" : 0,
"part_of_plan" : "yes",
"servers" : {
"server" : [
"########-####-####-####-############"
]
},
"size" : 50,
"state" : "online",
"tier" : "maxiops",
"title" : "system",
"type" : "normal",
"uuid" : "########-####-####-####-############",
"zone" : "us-chi1"
}
}I can see information about the storage’s assigned server and backups 🙂
Query Backup Information
Backup storage can be queried with the same storge API endpoint https://api.upcloud.com/1.2/storage/########-####-####-####-############
Query (GET)
Output
HTTP/1.1 200 OK
Date: Sun, 17 Jun 2018 05:01:11 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
Content-Length: 412
Server: Apache
{
"storage" : {
"access" : "private",
"created" : "2018-06-16T04:47:56Z",
"license" : 0,
"origin" : "########-####-####-####-############",
"servers" : {
"server" : []
},
"size" : 50,
"state" : "online",
"title" : "On-Demand Backup",
"type" : "backup",
"uuid" : "########-####-####-####-############",
"zone" : "us-chi1"
}
}Rename Backup
One thing that I would like to be able to do is to rename on-demand backups in the UpCloud dashboard (this is not a feature yet) but I can rename manual backup’s in the API though 🙂
Boring “On-Demand Backup” label.
I tried sending JSON to https://api.upcloud.com/1.2/storage/########-####-####-####-############ to rename a backup but kept getting an error?
JSON
{
> “storage”: {
> “title”: “Latest manual backup , Working NGINX, PHP, MySQL w Tweaks”,
> “size”: “50”
> }
> }
Result
> “error_code” : “CONTENT_TYPE_INVALID”,
> “error_message” : “The Content-Type header has an invalid value.”
I googled and found an old manual for UpClouds API (official support here).
I added these missing content type headers (108 was the length in chars of the payload)
> Content-Type: application/json; Charset=UTF-8' > Content-Length: 108
Still no go?
I think the content length value is wrong, more here.
I fixed it, it turned out I had a semicolon in the Content-Type value. The JSON RFC always assumes that Content-Type is UTF8 encoded (more here).
This Fails
This Works
Content-Type: application/json
Now I can rename my Backup (storage). I manually calculated the length of the JSON payload and added a “Content-Length” header and value.
Query (PUT)
Output
HTTP/1.1 202 ACCEPTED
Date: Sun, 17 Jun 2018 05:47:02 GMT
Content-Type: application/json; charset=UTF-8
Connection: close
Content-Length: 453
Server: Apache
{
"storage" : {
"access" : "private",
"created" : "2018-06-16T04:47:56Z",
"license" : 0,
"origin" : "########-####-####-####-############",
"servers" : {
"server" : []
},
"size" : 50,
"state" : "online",
"title" : "Latest manual backup , Working NGINX, PHP, MySQL w Tweaks",
"type" : "backup",
"uuid" : "########-####-####-####-############",
"zone" : "us-chi1"
}
}Success 🙂
Create a Backup
Backups can be performed with a “/backup” added to the end of the query string.
Query (POST)
Output
Success (UpCloud GUI)
Conclusion
UpCloud does have great API docs.
I can easily integrate this into bash scripts to manage my servers via API and a future Java app for managing servers.
Paw does give CURL output to allow me to copy working API’s for use in BASH 🙂
More to come
If you are signing up for UpCloud please consider using my referral code and get $25 credit for free.
Read my setup guide here.
https://www.upcloud.com/register/?promo=D84793
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
V1.1 updated typo
v1.0 Initial Post.
Here is a quick guide that shows how you can create and compile your first Java app with Net Beans.
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Updating the serves is a pain so I am writing a java app for Windows and OSX to help me manage the server by telnetting in on port 22 and performing routine actions from a button click in Java.
Installing Java and NetBeans IDE
Goto https://netbeans.org/downloads/index.html and click “JDK with NetBeans IDE Java SE bundle”
Download Netbeans and Java SE bundle
Install Netbeans and Java SE bundle
Creating your first GUI Java Application
Create New Project (Java Application) in NetBeans, Click Next
Name the project and set the main class as “main”
Add a new file, a “Swing GUI Form/JFrame form“.
Name the J Frame Form and click Finish.
Adding GUI elements in NetBeans IDE
In the Net Beans IDE, you can simply drag and drop elements. I like to move my properties screen to the bottom centre.
Set the panel at the default startup element
Add the following code to the main.java file
> framemain form = new framemain();
> form.setVisible(true);
Compile the App
The app compiles 🙂
Add an action to a button
You can add button actions (events) in the design mode.
Add Hello World alert box code to the button
Add the following to the Panel code file
> public static void infoBox(String infoMessage, String titleBar)
> {
> JOptionPane.showMessageDialog(null, infoMessage, “InfoBox: ” + titleBar, JOptionPane.INFORMATION_MESSAGE);
> }
Add this to the action (event)
System.out.println(“Hello World”);
> frame1.infoBox(“Hello World”, “Hello World”);
Build
To build right-click on the project and click Clean and Build
The result is an app you can run by double-clicking the jar file.
I hope this helps someone.
Making an OSX APP file from the JAR file
Coming soon
Making a Windows EXE file from the JAR file
Coming soon
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.0 Initial post
This guide will show technically minded people how you can purchase your own domain name, set up a web server on Vultr with an online store using WordPress/WooCommerce from $5 a month. Warning this post is technical (if you have never used SSH, Ubuntu, Linux Command Line, hate risk or are not patient then this is NOT the guide you are after).
Advertisement:
Draft Post (released early to share)
I personally recommend (not a paid endorsement) the free WooCommerce plugin for the free WordPress.org CMS on the free Ubuntu Operating system with the free NGINX web server and the free MYSQL database engine and free SSL certificates from Lets Encrypt.
Update 2018: For the best performing VM host (UpCloud) read my guide on the awesome UpCloud VM hosts (get $25 free credit by signing up here).
Buy a domain name from Namecheap here.
Sorry for using the word free a lot but I like free things. One of the benefits of a using a self-managed server is you get the option to install free software and configure the server how you want and secure it how you want. Truth be told managed ho (e.g CPanel, etc) are in the business of making money via monthly feed, expensive SSL certificates, taxing your transactions or pushing you to higher priced tiers.
Legend:
I moved to a self-managed server after I was paying $25/m for a poorly performing website and $150/y for a poor quality SSL certificate and a slice of a server that seemed to always say “Usage Limit Exceeded”. Why pay for an insecure website that my visitors could not view because the usage limit was exceeded.
fyi: Fearby.com costs me $10 a month for a server and $5/m for CDN abilities.
CPanel hosts are an option when you don’t want to self-manage a service and take on the hassle but be prepared for server limitations (The image below was taken on an older CPanel based hosts before I moved to a self-managed Vultr server)
I recently discovered a well known and established website hosting service (that I used to use) and a friend is still using is insecure. My friend’s site has a static website on it but the server underneath was very old and insecure. Having a secure web server should be at the top of your list with any self-managed or hosted website (this will help search engine optimization and prevent risks to your website visitors).
Sites like Virus Total, SSL Labs and Alexa Site Info , Qualys are good ways to review a site’s credibility.
fyi: The awesome https://seositecheckup.com/ is awesome for evaluating our sites SEO score.
Before we set up a server with WordPress on your own server let’s quickly look at the alternative commercial ready to go website builders.
Alternative (paid) DIY Website Builders
The following leading commercial sites will allow you to build a site online.
In my opinion, five things matter with setting up site online website.
Ok, let’s see how much it will cost to set up a simple business site on the sites above.
Wix
Setup: Goto https://www.wix.com/, Login to Wix, click Create Site, click Business, Click Choose a Template, Edit the page, Click Save, Click “Connect your own customized domain“, Click “Connect a domain you already own“.
I was redirected to a Wix plan pricing page where I need to choose a plan to continue. From what I researched you cant control HTML on Wix so can’t add a MailChimp newsletter signup form so you would have to go with the $24.5/m option to enable Email Campaigns.
I could not see information about included SSL certificates, SEO or other chargers. SSL is free after you pay right?
The Wix editor appears OK (it may take a bit of learning though).
I clicked publish and the site was live
A quick check of the SSL, Accessibility and SEO and no obvious deal breakers here apart from the price and platform lock-in.
I performed a security check on the site with https://freescan.qualys.com (passed)
Conclusion: I hear Wix templates are hard to change so choose your template wisely, A large collection of apps are available that you can add to the site.
Although Wix was nice and it does include a full-featured look at the engine it is not for me ($24/m USD is too expensive).
Squarespace
Squarespace basic websites cost $16/$25 a month or $34/52 for online stores: https://www.squarespace.com/pricing/
Setup a Squarespace website: Goto https://www.squarespace.com/, Click Start a Free Trial, Choose a Template, Create an Account (a quick read of the terms of service and privacy policy, #scary), SpareSpace sites are pre-published?
Loading the webpage on a non-logged-in (with SquareSpace login) browser displays a trial warning. Trial pages are essentially restricted (unlike Wix).
The mobile view does not match the template? I guess the chosen template is more of a vibe and not a template.
Setting up a Squarespace website may take some time. Squarespace does have some nifty advance options in a slide-out menu though.
Because the public view of the page is restricted I cannot scan it with WCAG accessibility tools. Scanning the site performance speeds with gtmetrix also fails.
Squarespace is well known to be difficult to set up a website when compared to other drag and drop editors (but Squarespace sites do look nice).
I am not paying $54/m for a website so let’s move on.
Shopify
Shopify Setup: Goto https://shopify.com and click Create, Sign up and enter your store name. Complete the wizard.
Choose a Shopify Plan
Scalping transactions, no thanks. let’s move on.
Weebly
Weebly Setup: Goto https://www.weebly.com/au and click Get Started under Create Store. Enter your account details and click Create Your Site, enter the name of the store, Click I’m just trying Weebly, click the type of product you will be selling.
Weebly Site Setup
Theme Selection
Choose a Domain
Publish the site
Clicking publish appears to be a dead end.
“Please contact Weebly Support to verify your account”, No Thanks, let’s move on.
One candidate remains and that is WordPress hosted (wordpress.com not wordpress.org).
WordPress.com
WordPress.com offer hosted plans for WordPress in the cloud.
Setup a WordPress site, the only one that removes WordPress branding and allows third-party plugins to be installed it the Business plans for $33 a month.
Setup Basics
Choose a WordPress theme.
Assign a Domain
In order to buy a domain, you need to log in (top right) with an account
My working WordPress account (is no longer working), it was in my password manager.
I seem to be stuck in a signup loop
Time to move on. Time to set up my own server on Vultr and setup WordPress and WooCommerce,
But, before we do, let’s ensure our name is secure online.
Search for your Name/Brand
Do search for your website (or thing) in search engines to see if your name is already taken, don’t buy a domain that is owned or has IP or trademark presence. It is a good idea to use sites like https://namechk.com/ to see if your site or social media is already taken.
namechk.com will allow you to search for name availability online. The name “mything” is not fully available online.
You will want to see all green squares (name available) below before buying a domain name. This looks better.
I would recommend you create your social media accounts before or right after buying your domain. Sites like Twitter will insist on short usernames names so get your social media sites first.
Trademark and Brand Search
Also, perform a trademark and IP search.
Australian Trademark Search: https://search.ipaustralia.gov.au/trademarks/search/quick
United States Trademark Database: https://www.uspto.gov/trademarks-application-process/search-trademark-database
Global brand Search: http://www.wipo.int/branddb/en/
etc
Self Managed Warning
I tend to go the “self-managed server route” and install the free WordPress CMS because:
There are many reasons why you would not want to “self-manage” your own server
Being technically minded and choosing a “self-managed web servers” can take away time from the fun stuff like SEO, Site Design, customer needs, branding etc.
Self Managed Costs
For $5 a month you can buy a server with enough memory to install WordPress (cheaper if you don’t need WordPress)
Vultr is great. Vultr does have ready to go servers that you can deploy that have WordPress all set up.
The Vultr template above does use the Centos OS (read my guide setting up Centos on a different service provider here) but I prefer to manually setup a server with Ubuntu 16.04 OS on Vultr.
Wih a $5 server you can do what you want with it. I have blogged before about setting up your own Server. e.g Installing Centos and Ubuntu server on Digital Ocean. Digital Ocean does not have data centres in Australia and this kills scalability. AWS is good but 4x the price of Vultr. I have blogged about setting up and AWS server here (and upgrading an AWS instance). I tried to check out Alibaba Cloud but the verification process was broken so I decided to check our Vultr.
Manual Setup of Vultr on an Ubuntu 16.04 server
Manual WooCommerce Plugin Setup
Once you setup Woocommerce you can setup the store defaults. Goto the WordPress dashboard and click WooCommerce Settings
Settings – General
Settings – Products
Settings – Shipping
Settings – Checkout
Settings – Account
Settings – Emails
Settings – API
Optional Actions
Instaling a Woo Commerce Child Theme
Goto https://woocommerce.com/product-category/themes/storefront-child-theme-themes/ and choose a theme.
Purchase and Install the desired child theme (I uploaded it to my /wp-content/themes/ folder with forklift). I chose a free deli theme.
Goto your WordPress then themes folder and activate your new child theme.
Post Site Setup
Just because your site is live does not mean you can rest.
SEO Optimization
Do use sites like https://seositecheckup.com/ and follow recommended actions to improve your SEO like updating meta tags.
More Reading
Attaching an email to your domain
You can pay $5 a month and link a G Suite email to your domain.
Once you have a G Suite account you can link other domains (and domain emails) to it. You can login to your G Suite emails via G Mail and send emails from apps or the command line.
Why Vultr
I use the server host Vultr as they have data centres all around the world and the support of great, Digital Ocean is good too but they don’t have data centres in my country (Australia). Vultr allows you to deploy all over the world upgrade servers, move servers, add storage and restore servers.
Alternatively, you can buy a $2.5/m server and generate a static website
I use the Platforma Web HTML generator to build mobile and WCAG compliant websites.
Buying a domain, I buy my domains from https://www.namecheap.com/ it is a good idea to look for coupons first at https://www.namecheap.com/promos/coupons.aspx before buying a domain.
Once you buy a domain you can point it to a Vultr server and upload your website.
I hope this helps someone.
Donate and make this blog better
Ask a question or recommend an article
Revision History
v.1.2 WordPress WooCommerce
v1.1 SEO
v1.0 Initial Draft
It is possible to deploy a server in minutes to hours but it can take days to secure. What tools can you use to help identify what to secure on your website?
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line, installing a Free SSL certificate and setting up SSL security.
Security Tools
Qualys SSL Labs SSL Tester is the best tool for checking an SSL certificate strength
Most people don’t know Qualys also has another free (limited to 10 scans) vulnerability scanner for websites.
Goto https://freescan.qualys.com/ and click Start your free account.
Complete the signup form
Now check your email to login and confirm your email account
Login now from the email.
Create a password (why the 25 char max Qualys?)
Enter your website URL and click Scan
The scan can take hours
While the scan was being performed I noticed that Qualys offers alerts (I’ll check this out later): https://www.qualys.com/research/security-alerts/
Yes, the scan can take hours, take a walk or read other posts here.
The scan is almost complete
Yay, my latest scan revealed 0 High, 0 Medium and 0 Low-risk vulnerabilities.
It did report 23 informational alerts like “Firewall Detected“.
Threat Report Results
Patch Report Results
This report was empty (probably because I don’t run Windows)
Threat Report Results
The OWASP report contained partial scan results (maybe the full report is available to pro users)
Previous Scan Results
The Qualys dashboard will show all past scans.
My first scan showed a Low priority issue with the /wp-login.php page as the input fields did not have “autocomplete=”off””, I fixed this by adding “autocomplete=”off”” the removing the page (safer).
The second scan found two issues with cookies (possibly ad banner cookies) and 2 subfolders that I created in past development exercises. I deleted the two sub-folders that were not needed.
The third scan was clean.
Here is a scan of a static website of a friends server (static can be less secure if the server underneath is old or unpatched).
Happy scanning. I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.1 Static Web Server Scan
v1.0 Initial post
OWASP is a non-profit that lists the Top Ten Most Critical Web Application Security Risks, they also have a GUI Java tool called OWASP Zap that you can use to check your apps for security issue.
Advertisement:
I have a number of guides on moving hosting away form CPanel , Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. It is important that you always update your site and software and test your sites and software for vulnerabilities. Zap is free and completely open source.
Disclaimer, I am not an expert (this Zap post and my past Kali Linux guide will be updated as I learn more).
OWASP Top 10
OWASP has a top 10 list of things to review.
Download the OWASP 10 10 Application security risks PDF here form here.
Using the free OWASP Zap Tool
Snip from https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
“The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers*. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It’s also a great tool for experienced pentesters to use for manual security testing.”
Zap Overview
Here is a quick demo of Zap in action.
Do check out the official Zap videos on youtube: https://www.youtube.com/user/OWASPGLOBAL/videos if you want to learn more.
Installing Zap
Download Zap from here.
Download Options
Download contents
Copy to the app to the OSX Application folder
App Installed
Open OSX’s Privacy and Security screen and click Open Anyway
OWASP Zap is now Installed
Ready for a Scan
But before we do let’s check out the Options
OWASP Zap allows you to label reports to ad from anyone you want.
Now let’s update the program and plugins, Click Manage Add-ons
Click Update All to Update addons
I clicked Update All
Installed some plugins
Zap is Ready
Add a site and right click on the site and you can perform an active scan or port scan.
First Scan (https failed)
I enabled unsafe SSL/TLS Renegotiation.
This did not work and this guide said I needed to install the “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” from here.
The extract files to /Library/Java/JavaVirtualMachines/%your_jdk%/Contents/Home/jre/lib/security
I restarted OWASP Zap and tried to scan my site buy it appears Cloudflare (that I recently set up) was blocking my scans and reported error 403. I decided to scan another site of mine that was not on Cloudflare but had the same Lets Encrypt style SSL cert.
fyi: I own and set up the site I queried below.
OWASP Zap scan performed over 800 requests and tried traversal exploits and many other checks. Do repair any major failures you find.
Generating a Report
To generate a report click Report then the appropriate generation menu of choice.
FYI: The High Priority Alert is a false positive with an HTML item being mistaken for a CC number.
I hope this guide helps someone. Happy software/server hardening and good luck.
More Reading
Check out my Kali Linux guide.
Ask a question or recommend an article
Revision History
V1.3 fixed hasting typo.
v1.2 False Positive
v1.1 updated main features
v1.0 Initial post
