Migrating my WordPress blog to SiteGround

I was looking around for a different web hosting company, and decided to give SiteGround a try, because they seem to have a good quality service at a reasonable price.

I signed up for their GrowBig hosting plan that allows you to host multiple domains/sites on one account, and also fully supports the Let's Encrypt free SSL service

Google are keen for the whole of the web to be encrypted. They announced a few years ago that they started to boost web pages in their search results that are hosted on secure sites, and also that later this year the Chrome browser will highlight "Not Secure" web sites.

I had already played around with installing an SSL certificate for my richardbloomfield.com site, but SSL certs can be expensive to buy and maintain, and my old host would only allow me to install one cert on my shared hosting account – so I could only secure one of my domains.

To perform the migration of my WordPress blog between hosts, I followed the instructions on this page:

How to Move WordPress to a New Host or Server With No Downtime

It uses a plugin called Duplicator that does all the heavy lifting of creating a complete backup of your existing site – including the WordPress database (that stores all your posts, pages, comments, and settings), and all the WordPress files (the WordPress software itself plus any themes and plugins you've installed).

The blog installed without any problems on my new hosting account, and I was left with an exact copy of my old WordPress installation.

Then all that was left was to log into the SiteGround control panel and enable the Let's Encrypt SSL for that domain with a couple of clicks, and I was all set.

I also installed the SG Optimizer plugin that allows me to make use of the SiteGround dynamic web cache (which really speeds up my web site) and allows for a one-click option to force all blog traffic over the HTTPS secure connection.

You might want to whitelist your favourite web sites

Adblock plugins for web browsers are great! They block out all the annoying and distracting adverts on web pages, and make the browsing experience for visitors altogether more pleasant.

They're very popular – so popular that some web site owners are getting hurt from the lack of ad revenue. Publishers are fighting back using pop-up messages to try and persuade you to disable the adblock – and some even block access to their content until you whitelist them.

I'm not a fan of forcing people to turn off their ad blockers, but I have been thinking recently about the impact of using them.

I read an article a few days ago about a popular site that closed down because it wasn't making any money – and they cited the lack of ad revenue as a major contributory factor.

So it got me thinking about some of the websites that I visit every day – the blogs and news sites that I rely on for information and entertainment. I didn't like the idea that they might suddenly disappear because they had become financially unsustainable.

And so, short of actually sending the publishers of these sites money – something that's often not even an option – I realised that the only way I could give them my patronage was to whitelist them in the ad blocker. At least that way, they could earn a little bit of revenue from my visits. And I figured it was a small inconvenience for me to bear in order to support the writers I enjoy. 

New registration rules for .ie domains

From March 2018 the Irish domain name registry are making it easier to register a .ie domain name.

Following a consultation period, new liberalisation policies are coming into force to remove some of the administrative overhead in registering an Irish (.ie) domain.

Previously, if you wanted to register a domain you needed to satisfy the registry about three things:

  1. Your identity – by providing a copy of your ID,
  2. Your association with Ireland – demonstrating that you are Irish, resident in Ireland, an Irish business, or a business trading in Ireland,
  3. Your claim to the domain name – for individuals, this meant you could only register your actual name; and for businesses, your business name or trademark.

The change coming into effect soon is the removal of the 3rd requirement. You no longer have to prove your claim to a name. As long as you can prove your association with Ireland, you will soon be able to register whatever domain name you like.

The change is seen as a liberalisation of the IE registrations, and has been made to encourage Irish businesses and individuals to use IE domains who had previously been put off by the registration rules.

The negative side is that the change also opens the market to an increase in domain name squatting, or speculative registration. And so, businesses in particular are being encouraged to come forward and secure their name now before the changes take effect.

Can I own my own top level domain?

In 2013 the Internet Corporation for Assigned Names and Numbers (ICANN) opened up the market for new Top Level Domains (TLD) that allowed companies to register their own domain extension.

The idea being that instead of visiting mail.google.com to access your Gmail, you might instead use the address mail.google. The .com is gone – to be replaced with .google – so that Google could use domains such as search.google and calendar.google and blogger.google for their different services.

Hundreds of brands have subsequently applied to run their own TLD, including the like of Amazon, Apple, the BBC, BMW, Delta Airlines, and Microsoft – and are starting to use them for their web presence. But I was wondered if it was possible for an individual to get and run their own TLD.

Could I, for instance, apply to run the .bloomfield top level domain, and use the domain richard.bloomfield for this blog? Now that would be the ultimate vanity domain name!

I'm not sure if any individual has ever tried to apply for one. Certainly it would be pretty expensive:

  • A one-time application fee of $185,000 to apply for each TLD
  • A quarterly fee of $6,250 for maintenance
  • A per-transaction fee of $0.25 (once you go over 50,000 transactions)

And that's just the fees I would pay to ICANN. I would probably need to maintain a few servers to run my TLD and domain registry, and I'm sure there would be a few other costs involved. So unless I become a multi-millionaire, I doubt if I'll be taking control of .bloomfield any time soon.

Gmail two-factor authentication

It's interesting that Google had revealed that fewer than 10% of people using Gmail have two-factor authentication active on their account. Most people are relying on just their password to protect them!

So why should anyone be worried about their email getting hacked? A lot of people might say that their email doesn't contain anything of particular value to worry about – but they forget that your email is often the access key to every other service you use online.

Think about all the forgotten password reset forms you've ever filled in. Most of the time, all they require is for you to enter your email address, and then click on a link in the subsequent email they send you.

So, if I have access to your email account, I can start accessing all your accounts: all your social media accounts, all your online utility accounts, and maybe even some of your bank/financial accounts. I can certainly find out a lot of information about you that I could use for identity fraud.

I also have full access to all your contacts, and can approach them, pretending to be you, and try and scam them out of money or information.

So I'd certainly recommend that your email account should be the most secure account you have online – precisely because its the gateway to all your other accounts.

So what is two-factor authentication then?

Two-factor authentication requires you to enter two pieces of information to access your account. The first authentication is your password, and the second is typically something like a 4 or 6 digit code sent via SMS to your phone.

With two-factor authentication enabled, you need to have access to both your password and a physical device (your mobile/cell phone) to access your account. And so it makes it a lot harder for someone to hack into your account.

Google makes it even easier to use, in that it offers alternatives to the typical SMS code sent to your phone. You can do your second authentication by using any of these methods:

  • clicking a button on your phone
  • running an authentication code app (useful if you don't have signal to receive an SMS)
  • receiving an automated voice call to your mobile or landline
  • storing a security code on a USB stick
  • having a printed list of codes

And once you have authenticated yourself on a particular computer or device you often don't need to re-authenticate yourself for a month or more – and so it's not that big a hassle.

And to enable it, all you have to do is visit the Google 2-Step Verification site and turn it on. It takes only a few minutes, and could go a long way to securing yourself online.

What about other services?

You can enabled two-factor authentication on all major sites such as Facebook, Twitter, Instagram and LinkedIn. Your bank probably forces you to use it, or has some additional security steps to try and protect your account.

And you can visit the site Two Factor Auth to find out what online services you use have it available.