Self-hosting multiple WordPress blogsMy experience, tips and tricksMartin Buckleyezs@evilzenscientist.comtwitter: @ezs

Some history and contextFirst on-line presence way back in 1993Evolution over 16 years:Static HTML  something a little more automated  bloggingAlso my extended family are in the UK/NZ – keeping the Grandparents up to date is important.

Technology evolutionWay back - ftp upload of html/content to some Unix hostSince 2000 – static IP and self hosting2000 – NetWare (!) + static content2003 – SLES 8 + Apache + static content2005 – SLES 9 + Apache + mysql + WordPress 1.52009 – virtualised web + mysql on SLES

Why self-hostingI’m a technology geek. Self hosting means live servers, a great sandbox and a real learning environment.(I also run the home infrastructure..)I get ultimate flexibility and control.Hosting elsewhere is cheaper – with the usual issues around security, platform, updates etc

Hosting for friends and familyThe ultimate scope creep.Started with the ‘family blog’ – added my ‘personal blog’ …… then added various additional blogs for family members; three blogs for friends and my sisters Cub Scout pack.Now over a dozen in total.

Understanding the ‘stack’.. And it all needs testing and patchingGallery2ThemesPlugins – ‘Core’ and ‘Per site’WordPress CoreDatabase + dataGraphics helpers for Gallery2Apache/PHP/mysql/libsSLESHardware

Old school patchingCheck on a semi-regular basis for updates to WordPress (e.g. 1.5  1.6)Download; unpack; test.Check for Linux updates on a regular basisDownload; update; test.

Patching todayPlugins seem to be updated on an almost daily basis.WordPress at last has a more regular cadence for updates; expect the flurry of point releases after a major rev.

The challengeEach blog is built of a ‘core’ set of plugins – with some specific functionality added on top. There are a couple of hand-coded modifications in place (theme and php-exec plugin)How to keep ‘secure’ and functional – without spending 20 hours a week patching..

Change control is keyDiscipline keeps things sane.Consistent core blog structureDocument changes; test the changes; deploy the changesHave a rollback/backup planPlan for major, grouped updatesMy last one was to 2.8.3Expect the short notice security fixes2.8.4!

Typical change control matrix

Test, test – test again.Something unexpected will always happen.e.g. libxml2/PHP bug – trac 7771http://core.trac.wordpress.org/ticket/7771http://www.evilzenscientist.com/blog/2009/08/05/php-xml-parsing-bug-and-a-workaround/

Backup and recoveryBackup is really important.Understand everything that needs to be archived for recovery.Mysql dump; filesystem dumpConfiguration files from serverDocumentation

BackupWeekly dump of mysql and configto offline disk.Monthly dump of photos to offline disks.Full archive every quarter.Stored in a fire safe.Looking at going back to tape to make this easier and faster.

RestoreFire/theft/hackers/malware/bad hardware.Something will eat the data.Since 2000 I have rebuilt the web servers over a dozen times – upgrade OS, moving OS, moving hardware, replacing failed hardware, upgrading hardware – all the usual reasons.Practice your data rebuild before the emergency!

SecurityHaving anything internet facing invites intruders. Everything from casual inquiries to more serious hacking and DOS attempts.At some point someone will try and hack/attack you.Be prepared.

SecurityThe basicsKeep things up to date!Have an edge firewall and intrusion detection.Understand your normal traffic patterns in and outNAT helps a littleDon’t run your web site on your laptop/games machine/home server

Keep things up to date!

Have an edge firewall and intrusion detection.

Understand your normal traffic patterns in and out

NAT helps a little

Don’t run your web site on your laptop/games machine/home server

SecurityThe basicsMinimise the attack profile – less is better. Turn off/don’t install unwanted modules and features.Anti-virus for WindowsHost firewall rulesHave good quality passwordsDon’t use root; have separation of priviledges

Minimise the attack profile – less is better. Turn off/don’t install unwanted modules and features.

Anti-virus for Windows

Host firewall rules

Have good quality passwords

Don’t use root; have separation of priviledges

SummaryI love hosting my own WordPress – it’s been a great learning experience.Keep on top of patching and updates!Share your experiences – WordCamp and WordPress.org – the community needs us allEnjoy!

ResourcesMicrosoft/Web – WordPresshttp://www.microsoft.com/web/gallery/WordPress.aspxMicrosoft WebsiteSparkhttp://www.microsoft.com/web/websitespark/OpenSUSEhttp://www.opensuse.org/en/OpenSUSE software search/multi distrohttp://software.opensuse.org/search