More unexpected props

With this week’s release of WordPress 4.5, yet again, I received props without being aware of it beforehand. As was the case when I wrote about this last year, this recognition came for code I contributed many years ago–four in this case, making it older than my contribution to 4.2.

As I wrote then,

I mention this not to bring attention my involvement, but to highlight the importance of patience when contributing to Open Source projects like WordPress.

Please, read Accidental Props 💥 if you’re discouraged or disappointed because your contribution hasn’t been accepted.

X-Frame-Options and WordPress post embeds

WordPress 4.4 simplified the process of embedding WordPress content on other sites with the introduction of post embeds. From the feature’s announcement post:

WordPress has been operating as an oEmbed consumer for quite some time now, allowing users to easily embed content from other sites. Starting with version 4.4, WordPress becomes an oEmbed provider as well, allowing any oEmbed consumer to embed posts from WordPress sites.

The problem

As exciting as this feature is, it ran into an incompatibility with my server configuration. I’ve set the X-Frame-Options header to SAMEORIGIN near-universally within my nginx configuration, thereby blocking other sites from displaying my sites in frames; instead, my sites can only display their own content inside of frames. I’ve done so as a security measure against “clickjacking.” This header has no impact on my use of WordPress, nor on visitors’ interaction with my sites, but as I discovered, it breaks post embeds in an awkward way.

Continue reading X-Frame-Options and WordPress post embeds

Removing Site Icon from Jetpack’s OG tags fallback

In WordPress 4.3, a Site Icon feature was introduced, allowing users to set the icon used by browsers and smartphones when representing a given site. In Jetpack 3.9.2, the site icon was added as a potential fallback when choosing an image for social networks like Facebook.

Continue reading Removing Site Icon from Jetpack’s OG tags fallback

Strebel’s interview with Alex King, from PressNomics 4

Today at PressNomics 4, Josh Strebel shared an interview he did with Alex King back in September, just ten days before Alex passed following a long fight with cancer.

It’s both incredible to me, and simultaneously unsurprising, that Alex took the time to record this interview given how sick he was at the time–one final contribution to a community he was so important to and engaged with.

Introducing a way to retain HeadSpace2 data without the original plugin

Many years ago, I used the HeadSpace2 plugin to manage SEO on a now-dormant site. I’ve left the plugin installed there to retain the data it holds, but recently decided to explore alternatives.

Continue reading Introducing a way to retain HeadSpace2 data without the original plugin

nginx header inconsistency, aka setting headers all the way down

For the three visitors I attract in a month, I’ve had an outsized interest in making this the most secure WordPress site that I can. My focus of late has been primarily on the security-related headers I can set. In particular, ensuring that HSTS and HPKP were present on all requests became a priority.

Why?

A few weeks ago, I noticed that certain assets served from my CDN host lacked the Strict Transport Security headers (HSTS) I’d expected. To the best of my knowledge, I’d configured nginx to set these headers on every request.

Continue reading nginx header inconsistency, aka setting headers all the way down

Building My Network

Over the past three years, I’ve spent more time than I care to admit on a single project. It started off innocently. Since then it’s grown to occupy a significant place in my daily thoughts.

As you read this, you’re experiencing the product of these efforts. Perhaps you clicked on an eth.pw short URL to get here. If not, your browser still had to figure out how to get to ethitter.com. Now that you’re here, maybe you need to contact me via email. To make any of these endeavors possible, I’ve built a personal “network” of servers and had endless fun doing so.
Continue reading Building My Network

Hello PHP 7!

With relatively little difficulty, I’m now running PHP 7 alongside PHP 5.6. PHP 7 was released at the beginning of the month, and WordPress was one of the platforms tested against. Given that I can’t stop tinkering with this server’s configuration, I really had no excuse not to set up PHP 7.

Given the myriad services I’m running, I couldn’t switch to PHP 7 outright. While WordPress and YOURLS (powering my url shortener, eth.pw) both support PHP 7, the compatibility list basically ended there.

As I went into this with a fair bit of trepidation (and many backups), what follows is a bit about my experience.

Continue reading Hello PHP 7!