Skip to content

Category: Blog

Self-Hosted WordPress and GDPR compliance

So I started this blog after being a long time “Google+ only” publisher, and now GDPR is coming.

I have looked into making this wordpress instance GDPR compliance, but it’s no fun. The webfonts are easy, but “no more Youtube embeds without a consent orgy” is no fun, and losing the Google/Facebook/Twitter SSO integration will basically lose all mobile users (80% or so of all readers).

The easiest way to get GDPR compliance is to move back to Google+ only, or to move this blog to or to

What migration target do you prefer (running a self-hosted instance is not an option for me after May, 25)?


Posting from the commandline

This post has been created using the commandline.

$ cd $WP_ROOT
$ wp post create /tmp/post-content.txt \
> --post_title="Posting from the commandline" \
> --post_category=16 \
> --post_status=publish

You will find additional information in $WP_ROOT/wp-includes/post.php.

Look at the parameters for “function wp_insert_post”. They translate into command line parameters for “wp post create”.

Also look at the various “register_post_status” definitions in that file if you want to understand what ‘publish’ is and which other states exist.

The category has been specified as a number. You can find these in the menu for the category tree. Category labels like “blog” don’t work here.


Social Comments Plugin

This blog accepts comments without any authentication or account: You can simply enter any name and email address and write stuff. Spam is filtered out via Akismet, and the Email is mostly used for Pre-Approval of comments.

Some people in a discussion on Google plus have been asking for social login buttons using OAuth2 based authentication instead, because they cannot be bothered to enter an Email address (Seems to be mostly a problem on mobile).



This blog is running a WordPress, using Ubuntu, Apache and MySQL. So it’s a very basic installation.

I made all this with a tiny Scaleway VM and Ansible. My Goal has been to install this thing without actually having to log into the VM (“Look Mom, no hands!”). Of course, I have been logging into the VM, but that’s mostly for checking things are going well.


The Blog

Tech Meta: As you can see, this blog is still being built.

  • I seem to have fixed the most glaring problems with the stylesheet – blockquotes and links in the text are no longer in an outsized font.
  • Basic wordpress hardening is in place. A longer article about that needs to be written.
    • Command line tools for WP are in place, and the installation of the blog has been ansibilized. In a completely horrible way, because uploading a shell script that runs WP-CLI is not the Ansible Way™ at all. This needs to be prettyfied as much as possible, but still won’t be the Ansible Way™ when finished.
  • I have been testing the blog with mobile, and the theme seems to be adaptive just fine.

What’s missing: A number of things are not here, yet.

  • Let’s Encrypt Integration is still not in place. It will come.
  • I am still looking for a nice tool that can accept an Android Share intent and will fetch a header and a nice image from the URL and make an article of the “link” format with a number of Categories from it.
    • There is a WP Android App. I need to test it, and also need to understand if it fundamentally can work with Google Authenticator enabled on the blog.
    • If it does not solve the “here’s a link, make a basic article share out of it” problem, it’s not really helpful. It’s not that I’ll be writing a lot of text on a cellphone, that would be dump. I need to be able to do G+ like sharing from a cellphone as a reminder to edit and fatten the share later from a proper machine.

What will happen (several times): When everything is finished, I need to destroy this VM and redo it from scratch and backup in order to make sure it’s completely hands off. We will have a short service interruption for that, but you should not be worried, we’ll be back. I still have no timeline for that.

So what will happen? Some Guidelines: As the new G+ is as horrible as the preview promised, I’ll pull my presence out of social media as much as possible.

  • We have a RSS content full feed and a RSS comments full feed, on autodiscovery. Subscribe to them.
  • All links will go to G+, manually. Or not, if I forget to do that. Use RSS, really.
    • Comments on G+ are off. Use the comments in the blog.
    • The awesome Friends+me will pick that up and spam the rest of the social media. Comments can’t be off there, but I won’t be reading them. Sorry about that. Use the comments in the blog.
    • Comments are moderated for first time posters. Once you have commented here and have been enabled, you should be able to do so without moderation.

Yes, it’s retro. That’s probably a feature.