Web Site Updates – addresses and https:


History

Several years ago this site was created as www2.pmb.co.nz to use WordPress to replace our much older html only pmb.co.nz site.

When rcbeacon.com was introduced 2-3 years ago, the site contained a lot of content. Fully converting from www2… to rcbeacon was going to be a big job. The result was a site with a confusing mix of rcbeacon.com and rcbeacon.com. To clean this up entirely would mean changing over 1000 database entries; not just a search and replace.

Stage 1

With the help of the Duplicator plugin we have now converted the site to rcbeacon.com. the www2… should be gone 🙂  With a bit of luck the rewrite rule will convert all incoming www2 addresses to the new equivalent rcbeacon addresses.

Duplicator is a great backup and restore tool, but it doesn’t take care of all internal link conversions on a site like this one. A site that has been up for several years and seen a few plugins come and go.

Complications

rcbeacon.com updatesThere are apparently still a few (hundred) buried references to www2, and even a few much older local network addresses from before it even saw the www.

It was recommended that I try this WordPress database search/replace php tool. It works great. Just be sure to follow the instructions.

The Shop

We started off using the WP-eCommerce a few years ago. It was one of the bigger low cost options at the time. It was not very user friendly for installer/maintainer or the customer. I suppose a lot of work could be applied and a new front-end created to provide any sort of presentation and checkout process. Too much work.

Recently I looked at woocommerce, the other big low-cost option. Woocommerce has received a lot more development input and seems to be improving faster than WP-eCommerce.

To change to woocommerce would mean modifying the Suffusion theme, making a dodgy patch or changing themes.

Theme Change – Suffusion to Customizr

  A lot of hunting about and I decided that 99% of all theme reviews were a waste of time. The showed pretty pictures and moving whizzy bits but told nothing of what the theme was like to install, setup or use.  Several comments suggested that Customizr was worth a look.  So I installed it on a backup server and experimented for a few days.

It turned out that the free version was very limited but offered easy custom CSS input and easy to install child theme. The Pro version looked like the best option, and I was ready to pay up, when I found that it was a yearly payment or all updates ended; and it didn’t provide detail of what the pro version offered. I wasn’t going to get tied in to on-going plans for basic security updates for a lot of features I probably would not use.

So I spent a week researching and experimenting with Custom CSS. If you consider the hours, it was more expensive, but no yearly lock-in.

I am now reasonably happy with the set up, although always making minor changes. Customizr is a lighter weight theme than Suffucion and I think this leads to a quicker navigating experience. The shop presentation and checkout is much improved.

A Glitch – A serious PITA bug in Customizr

Note added 29-Feb-2016

I noticed slow page load times and the browser status message stuck saying “waiting for fonts.googleapis.com”.  A bit of searching and it seems that Google provide open fonts and that are called by the browser and cached as determined by the web page requirements.

I really hate web pages that pull in bits and pieces from other servers, especially unnecessary and minor things like fonts.  Apparently, even WordPress uses Google fonts in the dashboard. How F*&King stupid is that.

It seems that the Customizr theme only allows the use of Google fonts; there is not the option to use default browser fonts. Had I known this earlier I would have had second thoughts about using the Customizr theme.

Stage 2 – https:

I am also switching to https:  This requires a SSL Certificate and some server set up.

SSL certificates can be bought from a number of providers and many re-sellers. There is a confusing array of options and prices. I went with a thawte SSL123 certificate from gogetssl.com. The purchase process took a little while because I wanted to read all the instructions and get it right the first time.  Installing to the server was relatively easy. I already had a spare machine set up and running with a self-signed certificate.

The plan is to get the spare server up and running a complete copy of the site with https:. Then when happy with how it all works, backup the live site (this one), put it on the spare server and make it live, replacing the http: server.

Note added 29-Feb-2016

This has not yet been completed because it has been time consuming and difficult to achieve while being sure basic site operation is not upset.

SSL Message – “This site does not supply identity information”

There should be, and often is a padlock shown in the address bar indicating that the connection is secure. Sometimes the padlock is replaced with an alert triangle and the “identity information” message when you mouse over it.

This is apparently due to there being one or more links within the page that come from http: sources.

In this case these are links inserted by the theme, back to its home base (advertising), and links inserted by bbpress to documentation and support. Not security issues, but they “appear to detract” from the security.

I don’t want to switch it live to https: until I have sorted this out.

Leave a comment