I think I’ve pretty much got https working on this blog. At present it will serve up both unencrypted or encrypted versions depending what you ask for. The encrypted version is, at least on my computers, noticeably slower to turn up.
So the question is, What do I do now? Should I turn of http and forward all traffic to https? If I do so, should I remove the remaining insecure items, which I take to be the counters and the little map that shows where visitors come from? Is there a free counter somewhere that is https compliant? If I don’t force https, what’s the point of having the encrypted version there if almost no one other than the people running EFF’s great https-everywhere plugin will ever see it?
I’ve purchased a certificate for the blog so it can run on SSL/TLS, ie have an https address.
Little did I know how much grief this would cause. However, I only locked myself out of the blog once, and with the help of of a WordPress https plugin I am gradually reducing the number of mixed-content errors.
Security really shouldn’t be this hard …
Blog migrated to a new server. Many things still flaky.
Along the way I learned that I had 2.2 GB — yes gigabytes — of useless accumulated metadata for comments, caused by getting
1.5 million 2.1 million or so sp*m comments over the last decade. I removed those with the WordPress WP Clean Up plugin which worked like a champ.
Before I got to that point, however, I had to back up my databases, and because of all the cruft they were too large to back up on the old host. Eventually I figured out how to let PHP run for half an hour and I got there.
The transfer to the new service (Dreampress instead of a VPS at Dreamhost) was supposed to be automatic, but it wasn’t. Files didn’t get copied over, permissions were wrong, and doubtless more stuff I don’t know about yet.
Anyway, lots of cleanup and checking left to do.
Gonna do radical stuff under the hood of the blog. Expect flaky behavior until I sound the all clear.
Best case: all goes smoothly tomorrow and blog stops crashing.
Worst case: on Monday I’m back where I started.
That’s what I got this past year. That’s more than triple the previous year, and more than ten times what I got four years ago.
This combination worked fine for a decade. Now I’m getting overwhelmed. Over the past decade, 99.67% of my comments have been spam. I could turn off comments — it’s not like I’m overwhelmed with real ones these days — but I’d hate to do that.
Discourse.net got a new server overnight and then crashed a few times. Here’s hoping the bugs get ironed out soon….